diff --git a/domain.te b/domain.te
index e2779726719709ac69ae5ccdbdca93363de690f5..5464d86f0669b89ac207251553615ba20626ec23 100644
--- a/domain.te
+++ b/domain.te
@@ -150,11 +150,18 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
 #
 allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
 allow domain unlabeled:dir { create_dir_perms relabelfrom };
-auditallow { domain -init -installd } unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
-auditallow { domain -init -kernel -installd } unlabeled:dir { create_dir_perms relabelfrom };
+auditallow { domain -init -installd -vold -system_server } unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
+auditallow { domain -init -kernel -installd -vold -system_server } unlabeled:dir { create_dir_perms relabelfrom };
 auditallow kernel unlabeled:dir ~search;
-auditallow installd unlabeled:dir ~{ getattr search relabelfrom };
-auditallow installd unlabeled:notdevfile_class_set ~{ getattr relabelfrom };
+auditallow installd unlabeled:dir ~{ getattr search relabelfrom rw_dir_perms rmdir };
+auditallow installd unlabeled:file ~{ r_file_perms getattr relabelfrom rename unlink setattr };
+auditallow installd unlabeled:{ lnk_file sock_file fifo_file } ~{ getattr relabelfrom rename unlink setattr };
+auditallow vold unlabeled:dir ~{ r_dir_perms setattr relabelfrom };
+auditallow vold unlabeled:file ~{ r_file_perms setattr relabelfrom };
+auditallow vold unlabeled:{ lnk_file sock_file fifo_file } { create_file_perms relabelfrom };
+auditallow system_server unlabeled:dir ~r_dir_perms;
+auditallow system_server unlabeled:file ~r_file_perms;
+auditallow system_server unlabeled:{ lnk_file sock_file fifo_file } { create_file_perms relabelfrom };
 
 ###
 ### neverallow rules
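Review bot: The new per-domain `auditallow` groups for installd, vold and system_server have no comment saying why each exempted permission is expected, yet the `allow domain unlabeled:...` rules above still grant those permissions, so anything listed inside a `~{ ... }` set is now both permitted and unlogged for that domain. A one-line rationale above each group would let a later reader tell a deliberate exemption from an over-broad one, for example `# installd: <operation that needs rename/unlink/setattr on unlabeled files>; audit everything else.`. The groups also hand-expand `notdevfile_class_set` into `file` plus `{ lnk_file sock_file fifo_file }`; the macro is defined outside this hunk, so it is worth confirming both lists name the same classes, because these domains are subtracted from the generic rule and would otherwise lose audit coverage for any class left out. As a style point, `getattr` and `search` in the installd rules look redundant if `rw_dir_perms` and `r_file_perms` already contain them.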