diff --git a/private/file_contexts b/private/file_contexts
index 3209073a863bf52a971ebbf352afd5af2c9637b7..0ca1c5880b3053c2e7c2410b9c3cf3b23e3bcc7b 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -434,9 +434,13 @@
 #############################
 # debugfs files
 #
-/sys/kernel/debug/mmc0(/.*)?             u:object_r:debugfs_mmc:s0
-/sys/kernel/debug/tracing(/.*)?          u:object_r:debugfs_tracing:s0
-/sys/kernel/debug/tracing/trace_marker   u:object_r:debugfs_trace_marker:s0
+/sys/kernel/debug/mmc0(/.*)?                            u:object_r:debugfs_mmc:s0
+/sys/kernel/debug/tracing(/.*)?				u:object_r:debugfs_tracing:s0
+/sys/kernel/debug/tracing/trace_marker			u:object_r:debugfs_trace_marker:s0
+/sys/kernel/debug/tracing/instances(/.*)?		u:object_r:debugfs_tracing_instances:s0
+/sys/kernel/debug/tracing/instances/wifi/free_buffer	u:object_r:debugfs_wifi_tracing:s0
+/sys/kernel/debug/tracing/instances/wifi/trace		u:object_r:debugfs_wifi_tracing:s0
+/sys/kernel/debug/tracing/instances/wifi/tracing_on	u:object_r:debugfs_wifi_tracing:s0
 
 #############################
 # asec containers
diff --git a/public/file.te b/public/file.te
index 4b27c889d24e6e270a4c6b10fbbae388e36a5064..d1497f5722ebeb2d67ac11fcdcc113230dadbc78 100644
--- a/public/file.te
+++ b/public/file.te
@@ -62,6 +62,8 @@ type debugfs, fs_type;
 type debugfs_mmc, fs_type, debugfs_type;
 type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
 type debugfs_tracing, fs_type, debugfs_type;
+type debugfs_tracing_instances, fs_type, debugfs_type;
+type debugfs_wifi_tracing, fs_type, debugfs_type;
 type pstorefs, fs_type;
 type functionfs, fs_type, mlstrustedobject;
 type oemfs, fs_type, contextmount_type;
diff --git a/public/init.te b/public/init.te
index c858f8f0af2f0a98083d17bb361773adc93378bd..a6fa6d7c8ebbe2cc29e4f8be32421d283bdcd142 100644
--- a/public/init.te
+++ b/public/init.te
@@ -180,6 +180,13 @@ allow init dev_type:lnk_file create;
 # Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
 allow init debugfs_tracing:file w_file_perms;
 
+userdebug_or_eng(`
+  # Setup and control wifi event tracing (see wifi-events.rc)
+  allow init debugfs_tracing_instances:dir create_dir_perms;
+  allow init debugfs_tracing_instances:file w_file_perms;
+  allow init debugfs_wifi_tracing:file w_file_perms;
+')
+
 # chown/chmod on pseudo files.
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:file { open read setattr };
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read setattr search };
diff --git a/public/system_server.te b/public/system_server.te
index d2e6ade808224058ae112fc3888b00d4c42b4667..2cf511f23df6405e75b015176e419e4ee7317e1a 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -603,6 +603,12 @@ r_dir_file(system_server, sysfs_type)
 # Allow system_server to make binder calls to hwservicemanager
 binder_call(system_server, hwservicemanager)
 
+userdebug_or_eng(`
+  # Allow WifiService to start, stop, and read wifi-specific trace events.
+  allow system_server debugfs_tracing_instances:dir search;
+  allow system_server debugfs_wifi_tracing:file rw_file_perms;
+')
+
 ###
 ### Neverallow rules
 ###