diff --git a/app.te b/app.te index 14f343072a956be7bec58be0576a94ffe6c91532..1ee307550f9b26668515e57b760fd42bbde1f337 100644 --- a/app.te +++ b/app.te @@ -249,7 +249,6 @@ neverallow { appdomain -unconfineddomain } socket_device:sock_file write; # Unix domain sockets. neverallow { appdomain -unconfineddomain } adbd_socket:sock_file write; -neverallow { appdomain -unconfineddomain } bluetooth_socket:sock_file write; neverallow { appdomain -unconfineddomain } installd_socket:sock_file write; neverallow { appdomain -bluetooth -radio -shell -system_app -unconfineddomain } property_socket:sock_file write; diff --git a/bluetooth.te b/bluetooth.te index 6b48ed48da51dfc694f9876178957a01ee927fe9..a46ace80a0b16412aa50c7f6ed74730965c36a50 100644 --- a/bluetooth.te +++ b/bluetooth.te @@ -7,6 +7,10 @@ app_domain(bluetooth) allow bluetooth bluetooth_data_file:dir create_dir_perms; allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms; +# Socket creation under /data/misc/bluedroid. +type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket; +allow bluetooth bluetooth_socket:sock_file create_file_perms; + # bluetooth factory file accesses. r_dir_file(bluetooth, bluetooth_efs_file) diff --git a/file_contexts b/file_contexts index c0d7e6515613601c284b433cf528de17325f281c..f593f6db0cbd2e63e3632317f9cccc93ae4ae410 100644 --- a/file_contexts +++ b/file_contexts @@ -75,7 +75,6 @@ /dev/snd(/.*)? u:object_r:audio_device:s0 /dev/socket(/.*)? u:object_r:socket_device:s0 /dev/socket/adbd u:object_r:adbd_socket:s0 -/dev/socket/bluetooth u:object_r:bluetooth_socket:s0 /dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0 /dev/socket/dumpstate u:object_r:dumpstate_socket:s0 /dev/socket/gps u:object_r:gps_socket:s0 diff --git a/mediaserver.te b/mediaserver.te index 7589ee8bac962a5cb8f76ba5a5801766803d9ee4..46a9587ca3d4618aa9581f24ab722598e27a61bb 100644 --- a/mediaserver.te +++ b/mediaserver.te 
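Review bot: The new `allow bluetooth bluetooth_socket:sock_file create_file_perms;` in bluetooth.te is the only rule in this commit that conflicts with the app.te neverallow on `bluetooth_socket:sock_file write` (bluetooth is an app domain per `app_domain(bluetooth)`), yet the app.te hunk deletes that neverallow outright instead of narrowing it. Keeping it as `neverallow { appdomain -bluetooth -unconfineddomain } bluetooth_socket:sock_file write;`, in the same style as the `property_socket` line next to it, would still make the build reject any later rule that gives an ordinary app write access to these sockets. The `type_transition` applies to every sock_file bluetooth creates in a `bluetooth_data_file` directory, so the guard would cover all of them. The mediaserver rule added in mediaserver.te should be unaffected as long as mediaserver is not in `appdomain`, which this page does not show.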
@@ -66,3 +66,7 @@ allow mediaserver rild:unix_stream_socket { connectto read write setopt };
 # Needed on some devices for playing DRM protected content,
 # but seems expected and appropriate for all devices.
 unix_socket_connect(mediaserver, drmserver, drmserver)
+
+# Needed on some devices for playing audio on paired BT device,
+# but seems appropriate for all devices.
+unix_socket_connect(mediaserver, bluetooth, bluetooth)
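Review bot: The comment above `unix_socket_connect(mediaserver, bluetooth, bluetooth)` says the access is needed only on some devices, yet the rule grants it on all of them and does not say which socket mediaserver talks to. As far as I know the macro expands to write on `bluetooth_socket:sock_file` plus `connectto` on bluetooth's `unix_stream_socket`. After the bluetooth.te change that type covers every socket file bluetooth creates under /data/misc/bluedroid, so a mediaserver that mishandles a media file gets a path to all of them rather than to one audio endpoint. I would name the endpoint in the comment, e.g. `# Audio socket created by bluetooth under /data/misc/bluedroid (labeled bluetooth_socket).`, assuming that is the socket meant. If other sockets are expected in that directory, consider a dedicated type for the audio one, or move the rule to device-specific policy.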