diff --git a/file.te b/file.te
index cb184e31d31b6980f4c9ede266f91e479c182ae3..3ca9fd7b22963707735ca64b7b6745a5ea067f99 100644
--- a/file.te
+++ b/file.te
@@ -60,6 +60,7 @@ type bluetooth_data_file, file_type, data_file_type;
 type camera_data_file, file_type, data_file_type;
 type keystore_data_file, file_type, data_file_type;
 type media_data_file, file_type, data_file_type;
+type media_rw_data_file, file_type, data_file_type;
 type nfc_data_file, file_type, data_file_type;
 type radio_data_file, file_type, data_file_type;
 type systemkeys_data_file, file_type, data_file_type;
diff --git a/file_contexts b/file_contexts
index 9df91cd10421a7b0b4336c0040b7cf9b160da130..817c0e02120f27cc61dfd9fbfc52953f68067bc3 100644
--- a/file_contexts
+++ b/file_contexts
@@ -170,6 +170,7 @@
 /data/app-private/vmdl.*\.tmp	u:object_r:apk_private_tmp_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
+/data/media(/.*)?	u:object_r:media_rw_data_file:s0
 
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
diff --git a/platform_app.te b/platform_app.te
index 1e89760e0a045c9165f96e8223d41a366884f182..5a0167e10bcae66bfaeb83ffbc96ff511e8441f6 100644
--- a/platform_app.te
+++ b/platform_app.te
@@ -39,3 +39,6 @@ allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_
 # App sdcard file accesses
 allow platformappdomain sdcard_type:dir create_dir_perms;
 allow platformappdomain sdcard_type:file create_file_perms;
+# Access to /data/media.
+allow platformappdomain media_rw_data_file:dir create_dir_perms;
+allow platformappdomain media_rw_data_file:file create_file_perms;
diff --git a/sdcardd.te b/sdcardd.te
index 25d12463a2fadbdb6638d8e67c039fb6eba86d4f..f9e72b7ac4c9273480d8e421487108ebddde960d 100644
--- a/sdcardd.te
+++ b/sdcardd.te
@@ -3,3 +3,7 @@ type sdcardd_exec, exec_type, file_type;
 
 init_daemon_domain(sdcardd)
 unconfined_domain(sdcardd)
+
+type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
+allow sdcardd media_rw_data_file:dir create_dir_perms;
+allow sdcardd media_rw_data_file:file create_file_perms;