diff --git a/adbd.te b/adbd.te
index f5cebd26958bae06a3bcde0a30260414f84972a5..c80dba430176fabb94aa5e5a8faa30f729c7242a 100644
--- a/adbd.te
+++ b/adbd.te
@@ -80,3 +80,5 @@ allow adbd system_file:file r_file_perms;
 allow adbd kernel:security read_policy;
 
 allow adbd surfaceflinger_service:service_manager find;
+allow adbd bootchart_data_file:dir search;
+allow adbd bootchart_data_file:file r_file_perms;
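Review bot: The two new adbd rules are unconditional, so adbd can read everything under /data/bootchart on user builds too, and nothing in the hunk says why adbd needs the access (presumably to pull the collected logs over adb). If bootchart is meant as a debugging aid only, wrap the rules in the `userdebug_or_eng` macro and add a comment such as `# Allow adbd to read bootchart logs collected by init.`. The same missing build-type gate applies to `r_dir_file(init, domain)` in init.te and to the shell rules in shell.te.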
diff --git a/file.te b/file.te
index ae1079c4f8a280a6ff784c42bee9f57aa9765a96..a0173831e014376889b79245f003bd68813e2c9e 100644
--- a/file.te
+++ b/file.te
@@ -79,6 +79,8 @@ type shell_data_file, file_type, data_file_type, mlstrustedobject;
 type gps_data_file, file_type, data_file_type;
 # /data/property
 type property_data_file, file_type, data_file_type;
+# /data/bootchart
+type bootchart_data_file, file_type, data_file_type;
 
 # /data/misc subdirectories
 type adb_keys_file, file_type, data_file_type;
diff --git a/file_contexts b/file_contexts
index 04fa4c729d93deb43607cfc8b4220191fd322893..d51047686954be165abd302f7234b2a3540baef2 100644
--- a/file_contexts
+++ b/file_contexts
@@ -227,6 +227,9 @@
 /data/misc/wifi/hostapd(/.*)?   u:object_r:wpa_socket:s0
 /data/misc/zoneinfo(/.*)?       u:object_r:zoneinfo_data_file:s0
 
+# Bootchart data
+/data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
+
 # coredump directory for userdebug/eng devices
 /cores(/.*)?                    u:object_r:coredump_file:s0
 
diff --git a/init.te b/init.te
index 1283ec70938c08d1b49df9efb617782320407e09..d81f5afb67f9696fc05f512858202a73ae8243ce 100644
--- a/init.te
+++ b/init.te
@@ -1,5 +1,5 @@
 # init switches to init domain (via init.rc).
-type init, domain;
+type init, domain, mlstrustedsubject;
 permissive_or_unconfined(init)
 tmpfs_domain(init)
 
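Review bot: `mlstrustedsubject` on the `type init` line is added without a comment, and it is the widest change in this patch: it exempts init from the MLS read/write constraints for every object it touches, not only for the /proc reads bootchart performs. Presumably it is needed so init can read /proc entries of processes running at other MLS levels, but that is not stated anywhere. Add a comment above the line, for example `# mlstrustedsubject: bootchart reads /proc/<pid> entries of processes at other MLS levels.`, and check whether the exemption is still wanted on builds where bootchart is never used.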
@@ -164,6 +164,11 @@ allow init shell_data_file:file { getattr };
 # Set UID and GID for services.
 allow init self:capability { setuid setgid };
 
+# For bootchart to read the /proc/$pid/cmdline file of each process,
+# we need to have following line to allow init to have access
+# to different domains.
+r_dir_file(init, domain)
+
 # Use setexeccon(), setfscreatecon(), and setsockcreatecon().
 # setexec is for services with seclabel options.
 # setfscreate is for labeling directories and socket files.
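Review bot: The comment above `r_dir_file(init, domain)` names only /proc/$pid/cmdline, but the macro grants read access to the directories, files and symlinks of every domain's /proc entries, so the stated purpose is narrower than the grant. The comment should say so, e.g. `# r_dir_file grants read on all /proc/<pid> entries of every domain, not just cmdline.`. The patch also adds no rule letting init create or write bootchart_data_file. That presumably works only because of `permissive_or_unconfined(init)` at the top of the file, so explicit allow rules would keep bootchart working once init is confined. The block this hunk ends in continues outside the hunk.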
diff --git a/shell.te b/shell.te
index 6af371722402354f0cb4715d2b05e9b219c86f83..d31a496e1fca67365a876811fc1558a1d43b3a95 100644
--- a/shell.te
+++ b/shell.te
@@ -64,3 +64,9 @@ allow shell service_manager_type:service_manager find;
 # allow shell to look through /proc/ for ps, top
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };
+
+# enable shell domain to read/write files/dirs for bootchart data
+# User will creates the start and stop file via adb shell
+# and read other files created by init process under /data/bootchart
+allow shell bootchart_data_file:dir rw_dir_perms;
+allow shell bootchart_data_file:file create_file_perms;
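Review bot: `rw_dir_perms` and `create_file_perms` give shell more than the comment describes: the stated need is creating the start and stop files and reading what init wrote, yet shell may also write, rename and unlink every file under /data/bootchart. Because init gathers this data as an MLS-trusted subject with read access to all domains, whatever it writes there becomes readable from adb shell, possibly including process details shell could not read directly. Consider read-only access to init's output plus create/write on the control files only (this would likely need a separate type for the start and stop files), or state in the comment why full create permissions are required.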