diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 706c84a9..c0ed4fe8 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -55,3 +55,10 @@
 
 # bash
 /system/xbin/bash                               u:object_r:shell_exec:s0
+
+# emulated storage via sdcardfs
+/mnt/runtime/(default|read|write)/emulated/[0-9](/.*)?  u:object_r:media_rw_data_file:s0
+/storage/emulated/[0-9](/.*)?                           u:object_r:media_rw_data_file:s0
+/mnt/shell/emulated/([1-9])?[0-9](/.*)?                 u:object_r:media_rw_data_file:s0
+/data/media\.tmp(/.*)?                                  u:object_r:media_rw_data_file:s0
+
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 6aaf50c6..39ee9356 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -7,3 +7,5 @@ allow system_server persist_property_file:dir rw_dir_perms;
 allow system_server persist_property_file:file { create_file_perms unlink };
 
 allow system_server storage_stub_file:dir { getattr };
+
+allow system_server media_rw_data_file:dir r_dir_perms;