diff --git a/recovery.te b/recovery.te
new file mode 100644
index 0000000000000000000000000000000000000000..a52b2b54675f0901cffeb0fe799304a333dbfa53
--- /dev/null
+++ b/recovery.te
@@ -0,0 +1,11 @@
+# recovery console (used in recovery init.rc for /sbin/recovery)
+type recovery, domain;
+allow recovery rootfs:file entrypoint;
+unconfined_domain(recovery)
+relabelto_domain(recovery)
+
+allow recovery {fs_type dev_type -kmem_device file_type}:dir_file_class_set relabelto;
+allow recovery unlabeled:filesystem mount;
+
+allow recovery self:process execmem;
+allow recovery cache_file:file rx_file_perms;