diff --git a/file.te b/file.te
index 644490e85a738d9dac5acb893b56c9e72517bf83..43cacbb7508423269666e7d36b2a5b80a55d4014 100644
--- a/file.te
+++ b/file.te
@@ -25,6 +25,7 @@ type sysfs, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_batteryinfo, fs_type, sysfs_type;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_hwrandom, fs_type, sysfs_type;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_wake_lock, fs_type, sysfs_type;
 type sysfs_mac_address, fs_type, sysfs_type;
diff --git a/file_contexts b/file_contexts
index 200bfb3111aead193c502138717b28912c987a99..9ffc3c3eed6703c020548c568518ca8894a1d6a8 100644
--- a/file_contexts
+++ b/file_contexts
@@ -359,6 +359,7 @@
 /sys/devices/system/cpu(/.*)?    u:object_r:sysfs_devices_system_cpu:s0
 /sys/devices/virtual/block/zram\d+(/.*)?     u:object_r:sysfs_zram:s0
 /sys/devices/virtual/block/zram\d+/uevent    u:object_r:sysfs_zram_uevent:s0
+/sys/devices/virtual/misc/hw_random(/.*)?    u:object_r:sysfs_hwrandom:s0
 /sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0
 /sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
 /sys/kernel/uevent_helper --	u:object_r:usermodehelper:s0
diff --git a/ueventd.te b/ueventd.te
index 9eb2b1a56500c9d9cadde06e3959c7325c7cee87..fb726631942573b5f72aa25d3c4fd933eaf31c14 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -14,6 +14,7 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
+allow ueventd sysfs_hwrandom:file w_file_perms;
 allow ueventd sysfs_zram_uevent:file w_file_perms;
 allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };
 allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
diff --git a/untrusted_app.te b/untrusted_app.te
index 4ec7b6c69e593ab8ecce1c6239fe97cf39967bc5..34e592981590d5ad143ca9fdc3ec659ee474d402 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -102,6 +102,10 @@ allow untrusted_app proc:file r_file_perms;
 # access /proc/net/xt_qtguid/stats
 r_dir_file(untrusted_app, proc_net)
 
+# Cts: HwRngTest
+allow untrusted_app sysfs_hwrandom:dir search;
+allow untrusted_app sysfs_hwrandom:file r_file_perms;
+
 ###
 ### neverallow rules
 ###