diff --git a/private/apexd.te b/private/apexd.te
index 702ba57d4489187e8770eb1805fe70e5f4ed51dd..7b1c0417550b576fc0567dfa3abee9b7ca597e9a 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -49,9 +49,13 @@ allow apexd apex_data_file:file relabelto;
 # Unmount and mount filesystems
 allow apexd labeledfs:filesystem { mount unmount };
-# Configure read-ahead of dm-verity devices
+# Configure read-ahead of dm-verity and loop devices
+# for dm-X
 allow apexd sysfs_dm:dir r_dir_perms;
 allow apexd sysfs_dm:file rw_file_perms;
+# for loopX
+allow apexd sysfs_loop:dir r_dir_perms;
+allow apexd sysfs_loop:file rw_file_perms;
 # Spawning a libbinder thread results in a dac_override deny,
 # /dev/cpuset/tasks is owned by system.
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 187712ec5008719981b488c1440a4d63d8283e59..abd5fc33f1f96e7131063b4b86dcd7daa9875f28 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -623,6 +623,7 @@
 sysfs_dt_firmware_android
 sysfs_ipv4
 sysfs_kernel_notes
+ sysfs_loop
 sysfs_net
 sysfs_power
 sysfs_rtc
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 2a4f854d27ecaa7a2c8c80104868dce6fde7e391..8bc2ca6ea8fc3519201ec362971ce73e9bc26f5c 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1338,6 +1338,7 @@
 sysfs_dt_firmware_android
 sysfs_ipv4
 sysfs_kernel_notes
+ sysfs_loop
 sysfs_net
 sysfs_power
 sysfs_rtc
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 323fb0a0c0c1c01b24e8fbd974ae96068a430f82..d10ca35cce0a0bc55dbdba8cd481a25b2d3368c2 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
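Review bot: The two `sysfs_loop` rules in the apexd.te hunk give apexd `rw_file_perms` on every file of the new type, while the comment above them names only read-ahead configuration as the purpose. Because the genfs_contexts entry in this commit labels the whole `/devices/virtual/block/loop` subtree by prefix, the write permission reaches each loop device's other attributes as well; the `w_file_perms` rule in the vold.te hunk has the same breadth for its uevent write. A separate label per attribute is presumably impractical for dynamically numbered devices, so the scope should at least be recorded, e.g. `# for loopX: only queue/read_ahead_kb is written; sysfs_loop covers all of /sys/devices/virtual/block/loop*`. The attribute name is inferred from the read-ahead comment and should be confirmed against apexd before the comment is added.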
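Review bot: `sysfs_loop` is added in the 26.0.cil hunk to a bare list of type names, which looks like the list of objects that are new relative to that release, whereas the 28.0.cil hunk maps it into `sysfs_28_0`; the 27.0.cil hunk does the same as 26.0. If loop-device sysfs nodes already carried the `sysfs` label on those releases, vendor policy built against 26.0 or 27.0 that reached them through `sysfs` would lose access after the relabel, and a mapping such as `(typeattributeset sysfs_26_0 (sysfs sysfs_loop))` would preserve it. The enclosing form starts outside the hunk, so which list this is needs confirming before anything is changed.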
@@ -1535,7 +1535,9 @@
 (typeattributeset surfaceflinger_28_0 (surfaceflinger))
 (typeattributeset surfaceflinger_service_28_0 (surfaceflinger_service))
 (typeattributeset swap_block_device_28_0 (swap_block_device))
-(typeattributeset sysfs_28_0 (sysfs))
+(typeattributeset sysfs_28_0
+ ( sysfs
+ sysfs_loop))
 (typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
 (typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
 (typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 5f7a042ed2014fa4bb3f7ac0502319f3a1cf4672..88aca5b976219420c2492f61e02aab76df2ca3eb 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -110,6 +110,7 @@ genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
 genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
 genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
 genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
+genfscon sysfs /devices/virtual/block/loop u:object_r:sysfs_loop:s0
 genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
diff --git a/public/file.te b/public/file.te
index 597204a40b3b053a8915da790b531761f8369053..99a2c0d0eabe548536d15ef43e5c57dd2cf480d0 100644
--- a/public/file.te
+++ b/public/file.te
@@ -77,6 +77,7 @@ type sysfs_dt_firmware_android, fs_type, sysfs_type;
 type sysfs_ipv4, fs_type, sysfs_type;
 type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_leds, fs_type, sysfs_type;
+type sysfs_loop, fs_type, sysfs_type;
 type sysfs_hwrandom, fs_type, sysfs_type;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_wake_lock, fs_type, sysfs_type;
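Review bot: The new `genfscon` entry in the genfs_contexts hunk moves every node under `/devices/virtual/block/loop*` from `sysfs` to `sysfs_loop`, so any domain that reached those nodes through a rule on the `sysfs` type is denied after this change unless it is also granted the new type. The commit updates apexd and vold; whether other domains touch loop sysfs nodes cannot be seen from these hunks. A boot and APEX-activation run with the audit log checked for `avc: denied` records whose tcontext is `sysfs_loop` would confirm that nothing else regressed. The prefix has no trailing separator, and a comment such as `# prefix match: loop0..loopN and everything beneath them` above the entry would make that explicit.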
diff --git a/public/vold.te b/public/vold.te
index 5d5c44b86c150af1fab16e79814b475babdf4b91..7e71f16070181b10c5e40c00378370338eb6f8c7 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -10,6 +10,7 @@ allow vold cache_file:lnk_file r_file_perms;
 r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
 # XXX Label sysfs files with a specific type?
 allow vold sysfs:file w_file_perms; # writing to /sys/*/uevent during coldboot.
+allow vold sysfs_loop:file w_file_perms; # writing to /sys/block/loop*/uevent during coldboot.
 allow vold sysfs_dm:file w_file_perms;
 allow vold sysfs_usb:file w_file_perms;
 allow vold sysfs_zram_uevent:file w_file_perms;