diff --git a/public/vold.te b/public/vold.te
index 13c63379b889a467d72ce7305ae91d923cc214d9..df72f29ec0326be23c54a70409ffe2d0389f514d 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -164,6 +164,9 @@ hal_client_domain(vold, hal_keymaster)
 # talk to health storage HAL
 hal_client_domain(vold, hal_health_storage)
 
+# talk to bootloader HAL
+hal_client_domain(vold, hal_bootctl)
+
 # Access userdata block device.
 allow vold userdata_block_device:blk_file rw_file_perms;
 
@@ -266,6 +269,7 @@ neverallow vold {
   -hal_health_storage_server
   -hal_keymaster_server
   -hal_system_suspend_server
+  -hal_bootctl
   -healthd
   -hwservicemanager
   -servicemanager