diff --git a/private/access_vectors b/private/access_vectors
index fdac89012..78dc135d0 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -721,6 +721,7 @@ class keystore2
 	change_user
 	clear_ns
 	clear_uid
+	early_boot_ended
 	get_auth_token
 	get_state
 	list
diff --git a/private/vold.te b/private/vold.te
index ba5ad8c32..93a351532 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -45,6 +45,12 @@ allow vold vold_key:keystore2_key {
     use
 };
 
+# vold needs to find keystore2 services
+allow vold keystore_maintenance_service:service_manager find;
+
+# vold needs to be able to call earlyBootEnded()
+allow vold keystore:keystore2 early_boot_ended;
+
 neverallow {
     domain
     -system_server