diff --git a/init.te b/init.te
index e55bc96317fbc1dd78993661935e82291e93593d..eb15d288ddc7ee1cc4b337aee4dafe9886464a32 100644
--- a/init.te
+++ b/init.te
@@ -20,6 +20,9 @@ allow init properties_serial:file { write relabelto };
 allow init property_type:file { create_file_perms relabelto };
 # /dev/socket
 allow init { device socket_device }:dir relabelto;
+# /dev/random, /dev/urandom
+allow init random_device:chr_file relabelto;
+allow init urandom_device:chr_file relabelto;
 # /dev/device-mapper, /dev/block(/.*)?
 allow init tmpfs:{ chr_file blk_file } relabelfrom;
 allow init tmpfs:blk_file getattr;