diff --git a/app.te b/app.te
index 6188ef0bbed864d2d2b2ddc7a2e0a732e7bf513f..c216fbeac1a6412103a7a5b0b11dfced16a99405 100644
--- a/app.te
+++ b/app.te
@@ -27,6 +27,7 @@ allow platform_app apk_tmp_file:file rw_file_perms;
# ASEC
allow platform_app asec_apk_file:dir create_dir_perms;
allow platform_app asec_apk_file:file create_file_perms;
+allow platform_app download_file:file rw_file_perms;
# Apps signed with the media key.
type media_app, domain;
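Review bot: The new `allow platform_app download_file:file rw_file_perms;` sits directly under the `# ASEC` comment with no comment of its own, so it reads as part of the ASEC rules. Give it its own header, for example `# Read and write files in the download provider cache`. If `platform_app` is a member of `appdomain`, which this hunk does not show, the macro added at the end of app.te already grants it at least this much and the rule is redundant.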
@@ -47,6 +48,11 @@ allow media_app unlabeled:dir getattr;
# Stat /cache/backup
allow media_app cache_backup_file:file getattr;
allow media_app cache_backup_file:dir getattr;
+# Read files in the rootdir
+allow media_app rootfs:file r_file_perms;
+# Allow platform apps to mark platform app data files as download files
+allow media_app platform_app_data_file:dir relabelfrom;
+allow media_app download_file:dir relabelto;
# Apps signed with the shared key.
type shared_app, domain;
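Review bot: The comment above the relabel rules says "Allow platform apps", but both rules grant to `media_app`, so either the comment or the source domain is wrong. If media_app is intended, the comment should read `# Allow media apps to relabel platform app data directories as download directories`. The grant is on class `dir` only, so files already inside a relabeled directory would keep their old type; state whether that is intended. Separately, `allow media_app rootfs:file r_file_perms;` has nothing to do with downloads and lets media_app read every file labeled `rootfs`. It would be easier to audit in its own commit, with a comment naming the file that needs it.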
@@ -92,6 +98,7 @@ allow platformappdomain sdcard_type:file create_file_perms;
# System data file accesses (e.g, shared objects from the lib directory)
allow platformappdomain system_data_file:file { execute open };
+
#
# Untrusted apps.
#
@@ -186,3 +193,7 @@ allow { appdomain isolated_app } backup_data_file:file { read write };
allow { appdomain isolated_app } cache_backup_file:file { read write };
# Backup ability using 'adb backup'
allow { appdomain isolated_app } system_data_file:lnk_file getattr;
+
+# Allow all applications to read downloaded files
+allow appdomain download_file:file r_file_perms;
+file_type_auto_trans(appdomain, download_file, download_file)
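Review bot: The comment says "read", but `file_type_auto_trans(appdomain, download_file, download_file)` grants more than read. As the macro is defined in AOSP te_macros (not shown in this diff), it lets the source domain add directory entries and create files and directories of the target type. That would give every domain in `appdomain`, presumably including untrusted apps, write access to the download cache. If only the download provider should write there, scope the macro to that domain and keep `allow appdomain download_file:file r_file_perms;` for readers. The transition is also redundant, since the parent and target types are the same and new files inherit the directory's label anyway. Even the read-only rule removes the MAC-layer separation between apps for these files, so the comment should say that access control then rests on the provider and on DAC.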
diff --git a/file.te b/file.te
index a82945a5f4e15076b7800140370bb1c33f0903f0..2f30e4c02dce14ba2fb619aff575a1cfbed764dc 100644
--- a/file.te
+++ b/file.te
@@ -76,6 +76,8 @@ type security_file, file_type;
# vary per device, so this type is used in per
# device policy
type bluetooth_efs_file, file_type;
+# Downloaded files
+type download_file, file_type;
# Socket types
type adbd_socket, file_type;
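Review bot: `download_file` is declared with `file_type` only, although the file_contexts entry in this commit places it under /data. If this tree defines a `data_file_type` attribute for such types (not visible in the hunk), declare it as `type download_file, file_type, data_file_type;` so that attribute-based rules cover it. The comment could also name the owner and the path, for example `# Files in the download provider's cache directory, readable by apps`.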
diff --git a/file_contexts b/file_contexts
index 26a1863dc2ccc65aa0f91504ad6717381c981891..87f816f6788fa69e200c8f5a48920c1fd594f41f 100644
--- a/file_contexts
+++ b/file_contexts
@@ -183,6 +183,8 @@
/data/data/com.android.settings/files/wallpaper u:object_r:wallpaper_file:s0
# Wallpaper file for other users
/data/system/users/[0-9]+/wallpaper u:object_r:wallpaper_file:s0
+# Downloaded files
+/data/data/com.android.providers.downloads/cache u:object_r:download_file:s0
#############################
# efs files
#
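Review bot: The new file_contexts pattern matches only the `cache` directory itself, not the files beneath it. A restorecon over the tree would therefore leave, or reset, the contents to whatever a more general /data/data entry assigns. Use `/data/data/com.android.providers.downloads/cache(/.*)? u:object_r:download_file:s0` to cover them. The wallpaper entries just above include a per-user path, but this entry has none, so secondary users' download caches would presumably not receive the label. The rest of the file is outside this hunk, so check whether a per-user entry exists elsewhere.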