diff --git a/file.te b/file.te
index a2f2811ce41429a7aba9278d587459dc87a6a600..701d99107b1c339555f8966cdef4ceedaf84d94c 100644
--- a/file.te
+++ b/file.te
@@ -30,6 +30,8 @@ type sysfs_mac_address, fs_type, sysfs_type;
 type sysfs_devices_system_cpu, fs_type, sysfs_type;
 # /sys/module/lowmemorykiller
 type sysfs_lowmemorykiller, fs_type, sysfs_type;
+type sysfs_zram, fs_type, sysfs_type;
+type sysfs_zram_uevent, fs_type, sysfs_type;
 type inotify, fs_type, mlstrustedobject;
 type devpts, fs_type, mlstrustedobject;
 type tmpfs, fs_type;
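Review bot: The two new types have no path comment, so they read as if they belong to the `# /sys/module/lowmemorykiller` comment two lines above them. Add a line such as `# /sys/devices/virtual/block/zram*` before `sysfs_zram`. For `sysfs_zram_uevent`, a line such as `# zram*/uevent, split out so coldboot writers need not be granted the rest of the zram attributes` would record the reason for the split, which I am inferring from the ueventd.te and vold.te rules.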
diff --git a/file_contexts b/file_contexts
index 76d514558a4801002556b85545e6b5bab7f08b6f..0201a6d5748286765feff401ba6a6061af10fdba 100644
--- a/file_contexts
+++ b/file_contexts
@@ -322,6 +322,8 @@
 #
 /sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
 /sys/devices/system/cpu(/.*)?    u:object_r:sysfs_devices_system_cpu:s0
+/sys/devices/virtual/block/zram\d+(/.*)?     u:object_r:sysfs_zram:s0
+/sys/devices/virtual/block/zram\d+/uevent    u:object_r:sysfs_zram_uevent:s0
 /sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0
 /sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
 /sys/kernel/uevent_helper --	u:object_r:usermodehelper:s0
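Review bot: The `zram\d+(/.*)?` pattern also matches `zram\d+/uevent`, so the `sysfs_zram_uevent` label only takes effect because its entry comes second. As far as I know, libselinux resolves overlapping regex entries in favour of the later one, so re-sorting these two lines would silently relabel `uevent` as `sysfs_zram`. That would remove the write access granted in ueventd.te and vold.te. A comment above the pair would guard against that, for example `# uevent must stay after the zram catch-all: the later regex wins`.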
diff --git a/init.te b/init.te
index 555fc30a76ca87243c3c357f53f34324221cc75a..24fdee8673d34849d8587a170c1ffd5c95f2e4fb 100644
--- a/init.te
+++ b/init.te
@@ -157,6 +157,9 @@ allow init self:capability sys_boot;
 allow init sysfs_type:dir r_dir_perms;
 allow init sysfs_type:file w_file_perms;
 
+# disksize
+allow init sysfs_zram:file getattr;
+
 # Transitions to seclabel processes in init.rc
 domain_trans(init, rootfs, adbd)
 domain_trans(init, rootfs, healthd)
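Review bot: The `# disksize` comment does not explain why only `getattr` is granted here. Write access to the same files appears to come from the blanket `allow init sysfs_type:file w_file_perms;` two lines above, since `sysfs_zram` carries the `sysfs_type` attribute. A fuller comment would make that dependency visible, for example `# init stats zram*/disksize before writing it; the write itself is covered by the sysfs_type rule above`. The first half of that wording is my inference and should be confirmed against init's behaviour. Note that the blanket rule also leaves init able to write every other zram attribute, so this hunk adds to init's access to the new type rather than narrowing it.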
diff --git a/priv_app.te b/priv_app.te
index 6617feb0195105a0540bfa020e9def2db3c4b5a8..59b4ea0ca24f10d9031e4c679a4d522ad34a6da5 100644
--- a/priv_app.te
+++ b/priv_app.te
@@ -68,6 +68,10 @@ allow priv_app exec_type:file getattr;
 allow priv_app vold:fd use;
 allow priv_app fuse_device:chr_file { read write };
 
+# /sys access
+allow priv_app sysfs_zram:dir search;
+allow priv_app sysfs_zram:file r_file_perms;
+
 ###
 ### neverallow rules
 ###
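Review bot: The `# /sys access` comment does not say which zram attribute priv_app reads, while `sysfs_zram` covers the whole `zram\d+(/.*)?` subtree apart from `uevent`. `r_file_perms` therefore exposes every zram attribute to this domain. The same pair of rules and the same comment are repeated in the system_app.te and system_server.te hunks. Please name the consumer and the file in the comment, for example `# Read zram statistics under /sys/block/zram*/ (purpose to be confirmed)`. If only one or two attributes are needed, consider labelling those separately so the app domains are not granted the rest.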
diff --git a/system_app.te b/system_app.te
index de9146c5e2afef79d774c347657bff3290c2e6e3..e3666d2109d17d98b45af1f7aeb3ffd8b593e87b 100644
--- a/system_app.te
+++ b/system_app.te
@@ -73,4 +73,8 @@ allow system_app keystore:keystore_key {
 	user_changed
 };
 
+# /sys access
+allow system_app sysfs_zram:dir search;
+allow system_app sysfs_zram:file r_file_perms;
+
 control_logd(system_app)
diff --git a/system_server.te b/system_server.te
index 2a1d761c56baaa131ae17ba5a9da000226a1a4e9..bc861e77a8f3dc7e0893b52ced9a0d7f278d8f5f 100644
--- a/system_server.te
+++ b/system_server.te
@@ -369,6 +369,10 @@ allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms };
 allow system_server pstorefs:dir r_dir_perms;
 allow system_server pstorefs:file r_file_perms;
 
+# /sys access
+allow system_server sysfs_zram:dir search;
+allow system_server sysfs_zram:file r_file_perms;
+
 allow system_server drmserver_service:service_manager find;
 allow system_server healthd_service:service_manager find;
 allow system_server keystore_service:service_manager find;
diff --git a/ueventd.te b/ueventd.te
index 04a18a303db0babe5b3455ac6ce7389d40f533d7..9eb2b1a56500c9d9cadde06e3959c7325c7cee87 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -14,6 +14,7 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
+allow ueventd sysfs_zram_uevent:file w_file_perms;
 allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };
 allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
 allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
diff --git a/vold.te b/vold.te
index 35e502f3d679784718dc97b255757a10df275215..cb1f92559758f716a23d4b9f9fca1bf8fe333911 100644
--- a/vold.te
+++ b/vold.te
@@ -167,6 +167,10 @@ allow vold storage_file:dir mounton;
 # For AppFuse.
 allow vold fuse_device:chr_file rw_file_perms;
 
+# coldboot of /sys/block
+allow vold sysfs_zram:dir r_dir_perms;
+allow vold sysfs_zram_uevent:file rw_file_perms;
+
 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;
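Review bot: vold is granted `rw_file_perms` on `sysfs_zram_uevent`, while ueventd gets only `w_file_perms` on the same type in ueventd.te. Both rules are described as serving coldboot. If vold's coldboot only writes to `uevent`, as it presumably does, the narrower `allow vold sysfs_zram_uevent:file w_file_perms;` would be enough. It would also keep the two domains consistent. If vold does read the file, the `# coldboot of /sys/block` comment should say so.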