diff --git a/public/init.te b/public/init.te
index 8dcdd3346..ce0d130fe 100644
--- a/public/init.te
+++ b/public/init.te
@@ -158,6 +158,7 @@ allow init self:global_capability_class_set { sys_rawio mknod };
 # Mounting filesystems from block devices.
 allow init dev_type:blk_file r_file_perms;
 allowxperm init dev_type:blk_file ioctl BLKROSET;
+allowxperm init system_data_root_file:dir ioctl F2FS_IOC_SHUTDOWN;
 
 # Mounting filesystems.
 # Only allow relabelto for types used in context= mount options,
diff --git a/public/ioctl_defines b/public/ioctl_defines
index fa96726ea..51cce4e06 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -722,6 +722,7 @@ define(`F2FS_IOC_GET_COMPRESS_OPTION', `0xf515')
 define(`F2FS_IOC_SET_COMPRESS_OPTION', `0xf516')
 define(`F2FS_IOC_DECOMPRESS_FILE', `0xf517')
 define(`F2FS_IOC_COMPRESS_FILE', `0xf518')
+define(`F2FS_IOC_SHUTDOWN', `0x587d')
 define(`FAT_IOCTL_GET_ATTRIBUTES', `0x80047210')
 define(`FAT_IOCTL_GET_VOLUME_ID', `0x80047213')
 define(`FAT_IOCTL_SET_ATTRIBUTES', `0x40047211')