diff --git a/private/e2fs.te b/private/e2fs.te
new file mode 100644
index 0000000000000000000000000000000000000000..add1cc2a4c7f625b53947596f05fd1fb33b65654
--- /dev/null
+++ b/private/e2fs.te
@@ -0,0 +1,14 @@
+type e2fs, domain, coredomain;
+
+allow e2fs block_device:blk_file getattr;
+allow e2fs block_device:dir search;
+allow e2fs userdata_block_device:blk_file rw_file_perms;
+
+# access /proc/filesystems
+allow e2fs proc:file r_file_perms;
+
+# access /sys/fs/ext4/features
+allow e2fs sysfs_fs_ext4_features:file r_file_perms;
+
+# access sselinux context files
+allow e2fs file_contexts_file:file { getattr open read };
diff --git a/private/file_contexts b/private/file_contexts
index d35d47dda013ec34cc7d7c3718f68850fa1eb897..8faa6cd63dc4ff0c5dd30f5175d1720d78997219 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -17,6 +17,8 @@
 /charger            u:object_r:rootfs:s0
 /init               u:object_r:init_exec:s0
 /sbin(/.*)?         u:object_r:rootfs:s0
+/sbin/e2fsdroid     u:object_r:e2fs_exec:s0
+/sbin/mke2fs        u:object_r:e2fs_exec:s0
 
 # For kernel modules
 /lib(/.*)?          u:object_r:rootfs:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 54e9a2c40c0b6335d12e48e7e6b902343ba7ca6f..3914cec7d03874d625d69d837f38ddc9370bbfd0 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -56,6 +56,7 @@ genfscon sysfs /devices/virtual/block/zram1     u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram0/uevent    u:object_r:sysfs_zram_uevent:s0
 genfscon sysfs /devices/virtual/block/zram1/uevent    u:object_r:sysfs_zram_uevent:s0
 genfscon sysfs /devices/virtual/misc/hw_random    u:object_r:sysfs_hwrandom:s0
+genfscon sysfs /fs/ext4/features                  u:object_r:sysfs_fs_ext4_features:s0
 genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
 genfscon sysfs /kernel/uevent_helper u:object_r:usermodehelper:s0
diff --git a/private/init.te b/private/init.te
index 726f1381c8158fcf71df8a195201b5adb03c11a7..5c23f66f10f8d0f98b287a67cec1237bd220494b 100644
--- a/private/init.te
+++ b/private/init.te
@@ -6,6 +6,7 @@ tmpfs_domain(init)
 domain_trans(init, rootfs, charger)
 domain_trans(init, rootfs, healthd)
 domain_trans(init, rootfs, slideshow)
+domain_auto_trans(init, e2fs_exec, e2fs)
 recovery_only(`
   domain_trans(init, rootfs, adbd)
   domain_trans(init, rootfs, recovery)
diff --git a/public/e2fs.te b/public/e2fs.te
new file mode 100644
index 0000000000000000000000000000000000000000..ecb25a2cfd0333583b006ee6df173f5eef2da792
--- /dev/null
+++ b/public/e2fs.te
@@ -0,0 +1 @@
+type e2fs_exec, exec_type, file_type;
diff --git a/public/file.te b/public/file.te
index 18e43347aa7cf1c387f76c18405a837040e1974f..a525090cfd4dd299ee3f94c27babd1725a77024b 100644
--- a/public/file.te
+++ b/public/file.te
@@ -42,6 +42,7 @@ type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_wake_lock, fs_type, sysfs_type;
 type sysfs_mac_address, fs_type, sysfs_type;
 type sysfs_usb, sysfs_type, file_type, mlstrustedobject;
+type sysfs_fs_ext4_features, sysfs_type, fs_type;
 type configfs, fs_type;
 # /sys/devices/system/cpu
 type sysfs_devices_system_cpu, fs_type, sysfs_type;