diff --git a/public/init.te b/public/init.te
index a65bf2cbc304e176252e7b6513b1a81a1a6137db..86f062ab1720f8d94de9c8e24effc93d7798eb3c 100644
--- a/public/init.te
+++ b/public/init.te
@@ -27,9 +27,11 @@ allow init random_device:chr_file relabelto;
 # /dev/device-mapper, /dev/block(/.*)?
 allow init tmpfs:{ chr_file blk_file } relabelfrom;
 allow init tmpfs:blk_file getattr;
-allow init block_device:{ dir blk_file } relabelto;
+allow init block_device:{ dir blk_file lnk_file } relabelto;
 allow init dm_device:{ chr_file blk_file } relabelto;
 allow init kernel:fd use;
+# restorecon for early mount device symlinks
+allow init tmpfs:lnk_file { getattr read relabelfrom };
 
 # setrlimit
 allow init self:capability sys_resource;