diff --git a/domain.te b/domain.te
index bc5523798467e020074816ef03dab5947d0a7362..d835ee940e59c9c32028c156e3d37f336f709b5b 100644
--- a/domain.te
+++ b/domain.te
@@ -180,7 +180,7 @@ neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
 neverallow { domain -debuggerd -vold -dumpstate -system_server } self:capability sys_ptrace;
 
 # Limit device node creation to these whitelisted domains.
-neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt } self:capability mknod;
+neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -slideshow } self:capability mknod;
 
 # Limit raw I/O to these whitelisted domains.
 neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -tee } self:capability sys_rawio;
diff --git a/init.te b/init.te
index 8b0ab422d876af02133f1f7083b25945e1c6c9cf..14e9f80652e9465ec2c6434ad00127d110bc6b5a 100644
--- a/init.te
+++ b/init.te
@@ -140,6 +140,7 @@ allow init sysfs_type:file w_file_perms;
 # Transitions to seclabel processes in init.rc
 domain_trans(init, rootfs, adbd)
 domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, slideshow)
 recovery_only(`
   domain_trans(init, rootfs, recovery)
 ')
diff --git a/slideshow.te b/slideshow.te
new file mode 100644
index 0000000000000000000000000000000000000000..1a22fb55ceb3413f6c76e9cdc2bf7c50cb8b1f52
--- /dev/null
+++ b/slideshow.te
@@ -0,0 +1,13 @@
+# slideshow seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type slideshow, domain;
+
+write_klog(slideshow)
+allow slideshow device:dir r_dir_perms;
+allow slideshow self:capability { mknod sys_tty_config };
+allow slideshow graphics_device:dir r_dir_perms;
+allow slideshow graphics_device:chr_file rw_file_perms;
+allow slideshow input_device:dir r_dir_perms;
+allow slideshow input_device:chr_file r_file_perms;
+allow slideshow tty_device:chr_file rw_file_perms;
+