diff --git a/private/file_contexts b/private/file_contexts
index 35325f95dad7bc5cf5b1b11286bba9099b64b1f1..4735191c5896f123acc38f0571441f7e347ebe74 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -41,15 +41,15 @@
 /file_contexts\.bin     u:object_r:file_contexts_file:s0
 /nonplat_file_contexts  u:object_r:file_contexts_file:s0
 /plat_file_contexts     u:object_r:file_contexts_file:s0
-/mapping_sepolicy\.cil   u:object_r:rootfs:s0
-/nonplat_sepolicy\.cil   u:object_r:rootfs:s0
-/plat_sepolicy\.cil      u:object_r:rootfs:s0
+/mapping_sepolicy\.cil   u:object_r:sepolicy_file:s0
+/nonplat_sepolicy\.cil   u:object_r:sepolicy_file:s0
+/plat_sepolicy\.cil      u:object_r:sepolicy_file:s0
 /plat_property_contexts  u:object_r:property_contexts_file:s0
 /nonplat_property_contexts  u:object_r:property_contexts_file:s0
 /seapp_contexts     u:object_r:seapp_contexts_file:s0
 /nonplat_seapp_contexts     u:object_r:seapp_contexts_file:s0
 /plat_seapp_contexts     u:object_r:seapp_contexts_file:s0
-/sepolicy           u:object_r:rootfs:s0
+/sepolicy           u:object_r:sepolicy_file:s0
 /plat_service_contexts   u:object_r:service_contexts_file:s0
 /nonplat_service_contexts   u:object_r:service_contexts_file:s0
 
@@ -253,15 +253,21 @@
 /system/etc/selinux/plat_service_contexts  u:object_r:service_contexts_file:s0
 /system/etc/selinux/plat_file_contexts  u:object_r:file_contexts_file:s0
 /system/etc/selinux/plat_seapp_contexts  u:object_r:seapp_contexts_file:s0
+/system/etc/selinux/plat_sepolicy.cil       u:object_r:sepolicy_file:s0
+/system/etc/selinux/plat_sepolicy.cil.sha256 u:object_r:sepolicy_file:s0
 
 #############################
 # Vendor files
 #
 /vendor(/.*)?		u:object_r:system_file:s0
+/vendor/etc/selinux/mapping_sepolicy.cil       u:object_r:sepolicy_file:s0
 /vendor/etc/selinux/nonplat_property_contexts   u:object_r:property_contexts_file:s0
 /vendor/etc/selinux/nonplat_service_contexts    u:object_r:service_contexts_file:s0
 /vendor/etc/selinux/nonplat_file_contexts   u:object_r:file_contexts_file:s0
 /vendor/etc/selinux/nonplat_seapp_contexts    u:object_r:seapp_contexts_file:s0
+/vendor/etc/selinux/nonplat_sepolicy.cil       u:object_r:sepolicy_file:s0
+/vendor/etc/selinux/precompiled_sepolicy        u:object_r:sepolicy_file:s0
+/vendor/etc/selinux/precompiled_sepolicy.plat.sha256 u:object_r:sepolicy_file:s0
 
 #############################
 # OEM and ODM files
diff --git a/public/file.te b/public/file.te
index 27937f4ec96581552f47ba8c27ec0da6cac18ab8..bc54c347f16ab3385bc51cb4db78435bd6d8a0da 100644
--- a/public/file.te
+++ b/public/file.te
@@ -265,6 +265,9 @@ type property_contexts_file, file_type;
 # seapp_contexts file
 type seapp_contexts_file, file_type;
 
+# sepolicy files binary and others
+type sepolicy_file, file_type;
+
 # service_contexts file
 type service_contexts_file, file_type;
 
diff --git a/public/init.te b/public/init.te
index 4aa1349e1a4ace1659909ccd1bdad554b1022459..4af41ec978db4f9e72160665050d46ce89365341 100644
--- a/public/init.te
+++ b/public/init.te
@@ -302,6 +302,9 @@ allow init self:process { setexec setfscreate setsockcreate };
 # Get file context
 allow init file_contexts_file:file r_file_perms;
 
+# sepolicy access
+allow init sepolicy_file:file r_file_perms;
+
 # Perform SELinux access checks on setting properties.
 selinux_check_access(init)