diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index b77c97ba5..d29417d52 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -56,6 +56,7 @@
     proc_watermark_scale_factor
     remotelyprovisionedkeypool_service
     resources_manager_service
+    rootdisk_sysdev
     selection_toolbar_service
     snapuserd_proxy_socket
     supplemental_process_service
diff --git a/private/file_contexts b/private/file_contexts
index d8c6fbfa1..e2ffbc089 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -171,6 +171,7 @@
 /dev/socket/usap_pool_primary	u:object_r:zygote_socket:s0
 /dev/socket/usap_pool_secondary	u:object_r:zygote_socket:s0
 /dev/spdif_out.*	u:object_r:audio_device:s0
+/dev/sys/block/by-name/rootdisk(/.*)?	u:object_r:rootdisk_sysdev:s0
 /dev/sys/block/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
 /dev/sys/fs/by-name/userdata(/.*)?	u:object_r:userdata_sysdev:s0
 /dev/tty		u:object_r:owntty_device:s0
diff --git a/public/device.te b/public/device.te
index 686f95533..4ca8a6f7f 100644
--- a/public/device.te
+++ b/public/device.te
@@ -121,3 +121,6 @@ type sdcard_block_device, dev_type;
 
 # Userdata device file for filesystem tunables
 type userdata_sysdev, dev_type;
+
+# Root disk file for disk tunables
+type rootdisk_sysdev, dev_type;
diff --git a/public/init.te b/public/init.te
index 362c41eb9..d1f7d90ad 100644
--- a/public/init.te
+++ b/public/init.te
@@ -625,6 +625,9 @@ allow init fuse:dir { search getattr };
 # allow filesystem tuning
 allow init userdata_sysdev:file create_file_perms;
 
+# allow disk tuning
+allow init rootdisk_sysdev:file create_file_perms;
+
 ###
 ### neverallow rules
 ###
diff --git a/public/rootdisk_sysdev.te b/public/rootdisk_sysdev.te
new file mode 100644
index 000000000..f92fd79ce
--- /dev/null
+++ b/public/rootdisk_sysdev.te
@@ -0,0 +1 @@
+allow rootdisk_sysdev sysfs:filesystem associate;