diff --git a/sepolicy/file.te b/sepolicy/file.te
index 44f94785..d44a050d 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -8,3 +8,6 @@ type theme_data_file, file_type, data_file_type;
 
 # Performance settings
 type sysfs_devices_system_iosched, file_type, sysfs_type;
+
+# Recovery's "cache"
+type recovery_cache_file, file_type, mlstrustedobject;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 7ca945a9..7999ccd9 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,5 +1,7 @@
 /cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
 
+/cache/recovery(/.*)?     u:object_r:recovery_cache_file:s0
+
 # Auditd is a logging daemon. Put it into logd's context
 /system/bin/auditd        u:object_r:logd_exec:s0
 /data/misc/audit(/.*)?    u:object_r:auditd_log:s0
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index af76917b..4446bbaa 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te
@@ -35,4 +35,8 @@ allow recovery file_type:notdevfile_class_set { unlink getattr };
 allow recovery install_data_file:file create_file_perms;
 allow recovery system_data_file:file create;
 
+# /cache/recovery things: command and logs
+allow recovery recovery_cache_file:dir create_dir_perms;
+allow recovery recovery_cache_file:file create_file_perms;
+
 ')
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 6c0e059b..b843de89 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -1,3 +1,7 @@
 # For performance settings
 allow system_app sysfs_devices_system_cpu:file rw_file_perms;
 allow system_app sysfs_devices_system_iosched:file rw_file_perms;
+
+# For the updaters
+allow system_app recovery_cache_file:dir {add_name rw_file_perms};
+allow system_app recovery_cache_file:file {create rw_file_perms};