diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 76114782..e5ae776f 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -14,6 +14,9 @@
 /system/etc/init.d/90userinit           u:object_r:userinit_exec:s0
 /data/local/userinit.sh                 u:object_r:userinit_data_exec:s0
 
+# For F2FS partitions marked "formattable"
+/system/bin/mkfs\.f2fs    u:object_r:mkfs_exec:s0
+
 # For minivold in recovery
 /sbin/minivold            u:object_r:vold_exec:s0
 
diff --git a/sepolicy/mkfs.te b/sepolicy/mkfs.te
new file mode 100644
index 00000000..fe7c61bb
--- /dev/null
+++ b/sepolicy/mkfs.te
@@ -0,0 +1,9 @@
+type mkfs, domain;
+type mkfs_exec, exec_type, file_type;
+
+init_daemon_domain(mkfs)
+
+# Allow formatting userdata or cache partitions
+allow mkfs block_device:dir search;
+allow mkfs userdata_block_device:blk_file rw_file_perms;
+allow mkfs cache_block_device:blk_file rw_file_perms;