diff --git a/public/init.te b/public/init.te
index e37f1ce5e299bc9ddafd4ddadfe056c79b2c9ece..1a5a651f8e85d1cbf156e38e266cafea71252be7 100644
--- a/public/init.te
+++ b/public/init.te
@@ -29,8 +29,8 @@ allow init device:file relabelfrom;
 allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
 # /dev/socket
 allow init { device socket_device }:dir relabelto;
-# /dev/random, /dev/urandom
-allow init random_device:chr_file relabelto;
+# Relabel /dev nodes created in first stage init, /dev/null, /dev/ptmx, /dev/random, /dev/urandom
+allow init { null_device ptmx_device random_device } : chr_file relabelto;
 # /dev/device-mapper, /dev/block(/.*)?
 allow init tmpfs:{ chr_file blk_file } relabelfrom;
 allow init tmpfs:blk_file getattr;
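Review bot: The added allow rule writes `} : chr_file` with spaces around the colon, while the neighbouring rules in this hunk use the compact form (`{ device socket_device }:dir`, `tmpfs:{ chr_file blk_file }`); `allow init { null_device ptmx_device random_device }:chr_file relabelto;` would match them. The new comment also runs the reason and the path list together, and a colon would separate them: `# Relabel /dev nodes created in first stage init: /dev/null, /dev/ptmx, /dev/random, /dev/urandom`. Because the rule is keyed on types rather than paths, the comment could also say that it lets init relabel any character device it may `relabelfrom` to these three types, not only the four nodes listed, so a later reader does not take the path list as the limit of the grant.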