diff --git a/app.te b/app.te
index c55f4e07fdc54b247301741c237e3af3b3e09a8c..0866e95488cfd12f4619cf9b270ffd8db2c38e57 100644
--- a/app.te
+++ b/app.te
@@ -42,7 +42,9 @@ allow media_app cache_file:file create_file_perms;
 # Access sdcard.
 allow media_app sdcard:dir create_dir_perms;
 allow media_app sdcard:file create_file_perms;
-
+# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
+allow media_app qtaguid_proc:file rw_file_perms;
+allow media_app qtaguid_device:chr_file r_file_perms;
 # Apps signed with the shared key.
 type shared_app, domain;
 app_domain(shared_app)
@@ -141,7 +143,7 @@ allow appdomain anr_data_file:dir search;
 allow appdomain anr_data_file:file { open append };
 # Write to /proc/net/xt_qtaguid/ctrl file.
-allow appdomain qtaguid:file write;
+allow appdomain qtaguid_proc:file write;
 # Use the Binder.
 binder_use(appdomain)
diff --git a/device.te b/device.te
index c9098e9d90fcd1a0822bf6a5dc9e05d7f0283a5d..7818ce870313fdda7c33afd0bd35cddc25cbae9c 100644
--- a/device.te
+++ b/device.te
@@ -40,6 +40,7 @@ type zero_device, dev_type;
 type fuse_device, dev_type;
 type ion_device, dev_type;
 type gps_device, dev_type;
+type qtaguid_device, dev_type;
 # All devices have a uart for the hci
 # attach service. The uart dev node
diff --git a/file.te b/file.te
index e5c8502396f280d135505977178a68f60de7921e..9af8ca52653de448e0f365c4e1b0ae8dd2f115fb 100644
--- a/file.te
+++ b/file.te
@@ -4,7 +4,7 @@ type pipefs, fs_type;
 type sockfs, fs_type;
 type rootfs, fs_type;
 type proc, fs_type;
-type qtaguid, fs_type, mlstrustedobject;
+type qtaguid_proc, fs_type, mlstrustedobject;
 type selinuxfs, fs_type;
 type cgroup, fs_type, mlstrustedobject;
 type sysfs, fs_type, mlstrustedobject;
diff --git a/file_contexts b/file_contexts
index 39c436376e41ca74a2a52053bb64523db5f00ded..f7abbb76c27b57d029e26d4fce7659573f43deba 100644
--- a/file_contexts
+++ b/file_contexts
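Review bot: In the first app.te hunk the new comment `# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid` does not say which object gets which access, although the rule on `qtaguid_proc:file` is `rw_file_perms` and the rule on `qtaguid_device:chr_file` is only `r_file_perms`. One comment per rule would remove the ambiguity, e.g. `# Read and write /proc/net/xt_qtaguid/ctrl.` above the first and `# Read-only access to /dev/xt_qtaguid.` above the second, ideally with a word on why media_app needs read on the ctrl file when the appdomain rule in the second hunk grants only `write`. The same comment and rule pair is added at the end of mediaserver.te and deserves the same wording. The hunk also deletes the blank line that separated the media_app rules from `# Apps signed with the shared key.`, so the new rules now run straight into the shared_app section; keeping that separator after the added lines would preserve the file's layout.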
@@ -77,6 +77,7 @@
 /dev/urandom u:object_r:urandom_device:s0
 /dev/vcs[0-9a-z]* u:object_r:vcs_device:s0
 /dev/video[0-9]* u:object_r:video_device:s0
+/dev/xt_qtaguid u:object_r:qtaguid_device:s0
 /dev/zero u:object_r:zero_device:s0
 #############################
 # System files
diff --git a/genfs_contexts b/genfs_contexts
index 103136cf3e01878a3cd95f23e155bd73870e9422..ff633a76be5fb0c4faa793385d4693f931a1d090 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -2,7 +2,7 @@
 genfscon rootfs / u:object_r:rootfs:s0
 # proc labeling can be further refined (longest matching prefix).
 genfscon proc / u:object_r:proc:s0
-genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid:s0
+genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
 # selinuxfs booleans can be individually labeled.
 genfscon selinuxfs / u:object_r:selinuxfs:s0
 genfscon cgroup / u:object_r:cgroup:s0
diff --git a/mediaserver.te b/mediaserver.te
index 8d37fb7e0b329321216a483554663d6e33ca5802..057e39dc196764af0c601ec1a5c92881b34e967b 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -35,3 +35,7 @@ allow mediaserver system:fifo_file r_file_perms;
 # Camera calibration
 allow mediaserver camera_calibration_file:dir r_dir_perms;
 allow mediaserver camera_calibration_file:file r_file_perms;
+
+# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
+allow mediaserver qtaguid_proc:file rw_file_perms;
+allow mediaserver qtaguid_device:chr_file r_file_perms;
diff --git a/system.te b/system.te
index 04ff84c0e5f48243df10cc4351acc7e2c4d14781..a4065cf3a59d130a2f657435d2fc218bba535e6c 100644
--- a/system.te
+++ b/system.te
@@ -89,7 +89,8 @@ allow system appdomain:dir r_dir_perms;
 allow system appdomain:{ file lnk_file } rw_file_perms;
 # Write to /proc/net/xt_qtaguid/ctrl.
-allow system qtaguid:file rw_file_perms;
+allow system qtaguid_proc:file rw_file_perms;
+allow system qtaguid_device:chr_file rw_file_perms;
 # Notify init of death.
 allow system init:process sigchld;
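Review bot: Labeling `/dev/xt_qtaguid` as `qtaguid_device` in file_contexts takes the node out of whatever type it carried before, so every domain that opened it under rules for the previous label now needs an explicit rule on `qtaguid_device:chr_file`. The commit adds such rules only for media_app, mediaserver and system, while the appdomain rule in app.te still covers only `qtaguid_proc:file write`. Whether other app domains open the device is not visible in this diff; if they do, they will be denied once the policy is enforcing and a rule such as `allow appdomain qtaguid_device:chr_file r_file_perms;` would be needed. If the narrower set is deliberate, a line in the commit message saying so, and a check of the audit log for denials on `qtaguid_device` while permissive, would make that intent verifiable.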
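Review bot: In system.te the comment `# Write to /proc/net/xt_qtaguid/ctrl.` now heads two rules but describes only the first, and the added `allow system qtaguid_device:chr_file rw_file_perms;` is the only grant in this commit that gives write access to the device node (media_app and mediaserver get `r_file_perms`). The comment should cover the device rule and state why system needs write there, for example `# Read/write /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid (write to the device needed for <reason>).`. If read access turns out to be sufficient, `r_file_perms` would match the other domains and keep the grant minimal.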