diff --git a/app.te b/app.te
index 81c6a53434425277e9ad2f7cd15f17598f2062e6..fb2fb6dd94917d2e378901aaee382ae320a2ec06 100644
--- a/app.te
+++ b/app.te
@@ -191,8 +191,10 @@ neverallow { appdomain -unconfineddomain } {
 }:chr_file { read write };
 
 # Note: Try expanding list of app domains in the future.
-neverallow { untrusted_app isolated_app shell -unconfineddomain }
-    graphics_device:chr_file { read write };
+neverallow { untrusted_app isolated_app shell -unconfineddomain } {
+    adf_device
+    graphics_device
+}:chr_file { read write };
 
 neverallow { appdomain -nfc -unconfineddomain } nfc_device:chr_file
     { read write };
diff --git a/device.te b/device.te
index e9b7e515a482fefe995a996e03a5710b97c505f0..bf7b2e7d2fe59278309aee0a6c060ba1d6a4ef46 100644
--- a/device.te
+++ b/device.te
@@ -2,6 +2,7 @@
 type device, dev_type, fs_type;
 type alarm_device, dev_type, mlstrustedobject;
 type adb_device, dev_type;
+type adf_device, dev_type;
 type ashmem_device, dev_type, mlstrustedobject;
 type audio_device, dev_type;
 type binder_device, dev_type, mlstrustedobject;
diff --git a/file_contexts b/file_contexts
index b4ec8e833247a1cf8d611d15291c27fd977a361e..ce263905988044865e52b541a605277b3bdec899 100644
--- a/file_contexts
+++ b/file_contexts
@@ -31,6 +31,9 @@
 /dev(/.*)?		u:object_r:device:s0
 /dev/akm8973.*		u:object_r:sensors_device:s0
 /dev/accelerometer	u:object_r:sensors_device:s0
+/dev/adf[0-9]*		u:object_r:adf_device:s0
+/dev/adf-interface[0-9]*\.[0-9]*	u:object_r:adf_device:s0
+/dev/adf-overlay-engine[0-9]*\.[0-9]*	u:object_r:adf_device:s0
 /dev/alarm		u:object_r:alarm_device:s0
 /dev/android_adb.*	u:object_r:adb_device:s0
 /dev/ashmem		u:object_r:ashmem_device:s0
diff --git a/healthd.te b/healthd.te
index cfdb756a7126f8760eec914ef51ed384986eb2af..224090edf88799b180fc20319f30cc8d206771c5 100644
--- a/healthd.te
+++ b/healthd.te
@@ -23,6 +23,7 @@ allow healthd sysfs:file write;
 ### healthd: charger mode
 ###
 
+allow healthd adf_device:chr_file rw_file_perms;
 allow healthd graphics_device:dir r_dir_perms;
 allow healthd graphics_device:chr_file rw_file_perms;
 allow healthd input_device:dir r_dir_perms;
diff --git a/surfaceflinger.te b/surfaceflinger.te
index 1fc18dbf27bffdce0a105760df597c4035c267a4..3be2c1b12ea165359a249e7800c214188a9ed00c 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -30,6 +30,9 @@ allow surfaceflinger gpu_device:chr_file rw_file_perms;
 allow surfaceflinger graphics_device:dir search;
 allow surfaceflinger graphics_device:chr_file rw_file_perms;
 
+# Access ADF device nodes.
+allow surfaceflinger adf_device:chr_file rw_file_perms;
+
 # Access /dev/video1.
 allow surfaceflinger video_device:dir r_dir_perms;
 allow surfaceflinger video_device:chr_file rw_file_perms;