diff --git a/device.te b/device.te
index 6424db647..ac34d727c 100644
--- a/device.te
+++ b/device.te
@@ -37,3 +37,9 @@ type urandom_device, dev_type;
 type video_device, dev_type;
 type vcs_device, dev_type;
 type zero_device, dev_type;
+
+# All devices have a uart for the hci
+# attach service. The uart dev node
+# varies per device. This type
+# is used in per device policy
+type hci_attach_dev, dev_type;
diff --git a/file.te b/file.te
index b6e3a5d08..4e3bd535d 100644
--- a/file.te
+++ b/file.te
@@ -56,6 +56,11 @@ type efs_file, file_type;
 # Type for wallpaper file.
 type wallpaper_file, file_type;
+# All devices have bluetooth efs files. But they
+# vary per device, so this type is used in per
+# defice policy
+type bluetooth_efs_file, file_type;
+
 # Socket types
 type bluetooth_socket, file_type;
 type dbus_socket, file_type;
diff --git a/hci_attach.te b/hci_attach.te
new file mode 100644
index 000000000..3cb0953e5
--- /dev/null
+++ b/hci_attach.te
@@ -0,0 +1,9 @@
+type hci_attach, domain;
+type hci_attach_exec, exec_type, file_type;
+
+init_daemon_domain(hci_attach)
+
+allow hci_attach kernel:system module_request;
+allow hci_attach hci_attach_dev:chr_file rw_file_perms;
+allow hci_attach bluetooth_efs_file:dir r_dir_perms;
+allow hci_attach bluetooth_efs_file:file r_file_perms;
diff --git a/rild.te b/rild.te
index a0a4a374a..e65fc362e 100644
--- a/rild.te
+++ b/rild.te
@@ -17,6 +17,7 @@ allow rild mtd_device:dir search;
 allow rild efs_file:dir create_dir_perms;
 allow rild efs_file:file create_file_perms;
 allow rild shell_exec:file rx_file_perms;
+allow rild bluetooth_efs_file:file r_file_perms;
 dontaudit rild self:capability sys_admin;
 # XXX Label sysfs files with a specific type?
 allow rild sysfs:file rw_file_perms;
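Review bot: The comment added above `bluetooth_efs_file` in file.te misspells "device" as "defice"; its last line should read `# device policy`. The comment also does not say what these files hold, so the author of a per-device policy cannot tell which paths should carry the label. A short phrase naming the kind of data would make the type easier to apply consistently.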
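Review bot: `allow hci_attach kernel:system module_request;` is the broadest rule in the new hci_attach.te and carries no comment; it lets the domain cause the kernel to request a module load, which is more than a UART attach helper obviously needs. Please add a comment naming what triggers the autoload, for example `# opening the HCI UART makes the kernel autoload <module>; drop this rule where the driver is built in`, or move the rule into the policy of the devices that need it. The file also has no header comment. Since this diff adds no file_contexts entries for `hci_attach_exec` or `hci_attach_dev`, presumably left to device policy, a header line saying so would explain why the domain has no effect until those labels exist.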
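Review bot: The new `allow rild bluetooth_efs_file:file r_file_perms;` in rild.te gives the radio daemon read access to the Bluetooth EFS files in core policy on every device, with no stated reason, while the file.te comment says the type is meant for per-device policy. If only some devices need this, the rule belongs in their device policy; otherwise add a comment such as `# rild reads <what> from the Bluetooth EFS files`. Unlike hci_attach.te, no `bluetooth_efs_file:dir` permission is granted here, so rild would be denied `search` if the containing directory also carries this label; that depends on labelling not visible in this diff.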