diff --git a/private/file_contexts b/private/file_contexts
index 3049bc681..e7045e017 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -277,6 +277,7 @@
 /system/bin/recovery-refresh     u:object_r:recovery_refresh_exec:s0
 /system/bin/sdcard      u:object_r:sdcardd_exec:s0
 /system/bin/snapshotctl      u:object_r:snapshotctl_exec:s0
+/system/bin/remount              u:object_r:remount_exec:s0
 /system/bin/dhcpcd      u:object_r:dhcp_exec:s0
 /system/bin/dhcpcd-6\.8\.2	u:object_r:dhcp_exec:s0
 /system/bin/mtpd	u:object_r:mtp_exec:s0
diff --git a/private/remount.te b/private/remount.te
new file mode 100644
index 000000000..4dd94a5fd
--- /dev/null
+++ b/private/remount.te
@@ -0,0 +1,15 @@
+type remount, domain, coredomain;
+type remount_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+  # Allow init to run clean_scratch_files and do auto domain transfer.
+  init_daemon_domain(remount)
+
+  # Allow talking to gsid.
+  binder_use(remount)
+  allow remount gsi_service:service_manager find;
+  binder_call(remount, gsid)
+
+  # Allow searching for /metadata/gsi/remount/lp_metadata.
+  allow remount { metadata_file gsi_metadata_file_type }:dir search;
+')