diff --git a/device.te b/device.te
index e9b7e515a482fefe995a996e03a5710b97c505f0..42d15e3bb91463463610450d7f7efb5a13988eed 100644
--- a/device.te
+++ b/device.te
@@ -64,3 +64,6 @@ type rpmsg_device, dev_type;
 
 # Partition layout block device
 type root_block_device, dev_type;
+
+# Persistent data block device
+type persistent_data_block_device, dev_type;
diff --git a/system_server.te b/system_server.te
index db82029e13e1a67077d4348886f0a0dc6b3e3be8..a049e3525885471953cb1c289afb4b8fe515266d 100644
--- a/system_server.te
+++ b/system_server.te
@@ -380,6 +380,11 @@ allow system_server keystore:keystore_key {
 	clear_uid
 };
 
+# Allow system server to search and write to the persistent data block device
+# This block device does not get wiped in a factory reset.
+allow system_server persistent_data_block_device:blk_file rw_file_perms;
+allow system_server block_device:dir search;
+
 ###
 ### Neverallow rules
 ###