diff --git a/device.te b/device.te
index ac34d727cf459785d0d1aa2d7a203752c8820b39..4d2dea36e8d05fbb520907b0ed05ad9d124d6118 100644
--- a/device.te
+++ b/device.te
@@ -37,6 +37,7 @@ type urandom_device, dev_type;
 type video_device, dev_type;
 type vcs_device, dev_type;
 type zero_device, dev_type;
+type fuse_device, dev_type;
 
 # All devices have a uart for the hci
 # attach service. The uart dev node
diff --git a/file_contexts b/file_contexts
index c610df37ce1f2f4646e9f667caa2dd38c39004a6..fa22c87771aed9d5938636771f75c65e99dcbf30 100644
--- a/file_contexts
+++ b/file_contexts
@@ -25,6 +25,7 @@
 /dev/device-mapper u:object_r:dm_device:s0
 /dev/eac u:object_r:audio_device:s0
 /dev/full u:object_r:full_device:s0
+/dev/fuse u:object_r:fuse_device:s0
 /dev/graphics(/.*)? u:object_r:graphics_device:s0
 /dev/input(/.*) u:object_r:input_device:s0
 /dev/kmem u:object_r:kmem_device:s0
@@ -96,6 +97,7 @@
 /system/bin/bluetoothd u:object_r:bluetoothd_exec:s0
 /system/bin/wpa_supplicant u:object_r:wpa_exec:s0
 /system/bin/qemud u:object_r:qemud_exec:s0
+/system/bin/sdcard u:object_r:sdcardd_exec:s0
 /system/xbin/su u:object_r:su_exec:s0
 /system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
 #############################
diff --git a/sdcardd.te b/sdcardd.te
new file mode 100644
index 0000000000000000000000000000000000000000..21b867322aa3253c5ebb5d7693c931cb8577f4f8
--- /dev/null
+++ b/sdcardd.te
@@ -0,0 +1,13 @@
+type sdcardd, domain;
+type sdcardd_exec, exec_type, file_type;
+
+init_daemon_domain(sdcardd)
+
+allow sdcardd cgroup:dir create_dir_perms;
+allow sdcardd fuse_device:chr_file rw_file_perms;
+allow sdcardd rootfs:dir mounton;
+allow sdcardd sdcard:filesystem mount;
+allow sdcardd self:capability { setuid setgid };
+allow sdcardd system_data_file:dir create_dir_perms;
+allow sdcardd system_data_file:file create_file_perms;
+
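Review bot: Once `/dev/fuse` is labelled `fuse_device` (first file_contexts hunk), the only rule in this commit that grants access to the node is the `sdcardd` one in sdcardd.te, so any other confined domain that opened it under its previous label would be denied. It is worth confirming that nothing else on the device uses FUSE before this lands. A short comment beside the new type in device.te, e.g. `# /dev/fuse; opened only by the sdcard daemon`, would make the intended single consumer explicit.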
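Review bot: The two `system_data_file` rules at the end of sdcardd.te let the daemon create, modify and delete anything under the generic system data label, which is much wider than one served directory tree needs. As a FUSE daemon it presumably handles filesystem requests that originate from apps, so a bug in it would expose all of that data. I would give the served directory its own type and grant on that instead, e.g. `allow sdcardd sdcard_backing_file:dir create_dir_perms;` and `allow sdcardd sdcard_backing_file:file create_file_perms;`. The type name is a placeholder, and it needs a declaration plus a file_contexts entry for the backing path, which this commit does not show. The file also has no comments; a line such as `# setuid/setgid: presumably to drop from root after mounting - confirm against the daemon source` above the capability rule, and similar for `cgroup:dir` and `rootfs:dir mounton`, would record why each grant exists.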