diff --git a/private/file_contexts b/private/file_contexts
index 71f1586f6..812ae5a10 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -445,12 +445,39 @@
 # debugfs files
 #
 /sys/kernel/debug/mmc0(/.*)?                            u:object_r:debugfs_mmc:s0
-/sys/kernel(/debug)?/tracing/(.*)?			u:object_r:debugfs_tracing:s0
-/sys/kernel(/debug)?/tracing/trace_marker		u:object_r:debugfs_trace_marker:s0
-/sys/kernel(/debug)?/tracing/instances(/.*)?		u:object_r:debugfs_tracing_instances:s0
-/sys/kernel(/debug)?/tracing/instances/wifi/free_buffer	u:object_r:debugfs_wifi_tracing:s0
-/sys/kernel(/debug)?/tracing/instances/wifi/trace	u:object_r:debugfs_wifi_tracing:s0
-/sys/kernel(/debug)?/tracing/instances/wifi/tracing_on	u:object_r:debugfs_wifi_tracing:s0
+
+#############################
+# tracefs files
+#
+/sys/kernel(/debug)?/tracing/buffer_size_kb                                         u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/binder/binder_locked/enable                     u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/binder/binder_lock/enable                       u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/binder/binder_transaction/enable                u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/binder/binder_transaction_received/enable       u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/binder/binder_unlock/enable                     u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/cpufreq_interactive/enable                      u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/power/clock_set_rate/enable                     u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/power/cpu_frequency/enable                      u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/power/cpu_frequency_limits/enable               u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/power/cpu_idle/enable                           u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/sched/sched_blocked_reason/enable               u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/sched/sched_cpu_hotplug/enable                  u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/sched/sched_switch/enable                       u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/sched/sched_wakeup/enable                       u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/enable    u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_direct_reclaim_end/enable      u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_kswapd_sleep/enable            u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/events/vmscan/mm_vmscan_kswapd_wake/enable             u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/instances(/.*)?                                        u:object_r:debugfs_tracing_instances:s0
+/sys/kernel(/debug)?/tracing/instances/wifi/free_buffer                             u:object_r:debugfs_wifi_tracing:s0
+/sys/kernel(/debug)?/tracing/instances/wifi/trace                                   u:object_r:debugfs_wifi_tracing:s0
+/sys/kernel(/debug)?/tracing/instances/wifi/tracing_on                              u:object_r:debugfs_wifi_tracing:s0
+/sys/kernel(/debug)?/tracing/options/overwrite                                      u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/options/print-tgid                                     u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/trace                                                  u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/trace_clock                                            u:object_r:tracing_shell_writable:s0
+/sys/kernel(/debug)?/tracing/trace_marker                                           u:object_r:debugfs_trace_marker:s0
+/sys/kernel(/debug)?/tracing/tracing_on                                             u:object_r:tracing_shell_writable:s0
 
 #############################
 # asec containers
diff --git a/private/shell.te b/private/shell.te
index 333265f8b..1e779645a 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -1,6 +1,7 @@
 # systrace support - allow atrace to run
 allow shell debugfs_tracing:dir r_dir_perms;
-allow shell debugfs_tracing:file rw_file_perms;
+allow shell debugfs_tracing:file r_file_perms;
+allow shell tracing_shell_writable:file rw_file_perms;
 allow shell debugfs_trace_marker:file getattr;
 allow shell atrace_exec:file rx_file_perms;
 
diff --git a/public/file.te b/public/file.te
index d279748bf..cd646f51f 100644
--- a/public/file.te
+++ b/public/file.te
@@ -65,6 +65,7 @@ type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
 type debugfs_tracing, fs_type, debugfs_type;
 type debugfs_tracing_instances, fs_type, debugfs_type;
 type debugfs_wifi_tracing, fs_type, debugfs_type;
+type tracing_shell_writable, fs_type, debugfs_type;
 type pstorefs, fs_type;
 type functionfs, fs_type, mlstrustedobject;
 type oemfs, fs_type, contextmount_type;
diff --git a/public/init.te b/public/init.te
index fe7289439..a65bf2cbc 100644
--- a/public/init.te
+++ b/public/init.te
@@ -184,7 +184,7 @@ allow init dev_type:dir create_dir_perms;
 allow init dev_type:lnk_file create;
 
 # Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
-allow init debugfs_tracing:file w_file_perms;
+allow init tracing_shell_writable:file w_file_perms;
 
 userdebug_or_eng(`
   # Setup and control wifi event tracing (see wifi-events.rc)