diff --git a/adbd.te b/adbd.te
index 27ffdd845fac94dacb386adc5c002c6b6c6d6db6..cd5df2a80c44deceb8bfbae8d7d2977f5c5ba5a9 100644
--- a/adbd.te
+++ b/adbd.te
@@ -102,5 +102,7 @@ allow adbd mnt_user_file:dir r_dir_perms;
 allow adbd mnt_user_file:lnk_file r_file_perms;
 
 # Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
 allow adbd media_rw_data_file:dir create_dir_perms;
 allow adbd media_rw_data_file:file create_file_perms;
diff --git a/kernel.te b/kernel.te
index 20b0c0a30aa96d89d2926e405ff674b76aae2294..1ca5673f04391258f2fa8b6a58d08ec195803f6c 100644
--- a/kernel.te
+++ b/kernel.te
@@ -65,6 +65,12 @@ allow kernel asec_image_file:file read;
 
 domain_auto_trans(kernel, init_exec, init)
 
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow kernel media_rw_data_file:dir create_dir_perms;
+allow kernel media_rw_data_file:file create_file_perms;
+
 ###
 ### neverallow rules
 ###
diff --git a/mediaserver.te b/mediaserver.te
index 86164033a75727ae35d56d92438ce6f4f6a592e9..c6ec3ff2e79f983abba30d9c72dfbdc7cc2c2bcb 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -124,6 +124,12 @@ allow mediaserver drmserver:drmservice {
 allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
 
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow mediaserver media_rw_data_file:dir create_dir_perms;
+allow mediaserver media_rw_data_file:file create_file_perms;
+
 ###
 ### neverallow rules
 ###
diff --git a/shell.te b/shell.te
index fc5c2768b2529c3a6597dbf0f00cef45dbee1352..a304673a0929a09d41f5a313d3f4e80a9aaaf8b7 100644
--- a/shell.te
+++ b/shell.te
@@ -123,6 +123,8 @@ allow shell sysfs:dir r_dir_perms;
 allow shell ion_device:chr_file rw_file_perms;
 
 # Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
 allow shell media_rw_data_file:dir create_dir_perms;
 allow shell media_rw_data_file:file create_file_perms;