diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index bc5a0095a..66e737f16 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -93,6 +93,7 @@
     network_stack_service
     network_stack_tmpfs
     overlayfs_file
+    password_slot_metadata_file
     permissionmgr_service
     postinstall_apex_mnt_dir
     recovery_socket
diff --git a/private/file_contexts b/private/file_contexts
index 31fc91343..e8a065ba0 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -618,6 +618,7 @@
 /metadata(/.*)?           u:object_r:metadata_file:s0
 /metadata/vold(/.*)?      u:object_r:vold_metadata_file:s0
 /metadata/gsi(/.*)?       u:object_r:gsi_metadata_file:s0
+/metadata/password_slots(/.*)?    u:object_r:password_slot_metadata_file:s0
 
 #############################
 # asec containers
diff --git a/private/system_server.te b/private/system_server.te
index 59c134220..f87b72561 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1013,6 +1013,12 @@ wakelock_use(system_server)
 allow system_server apex_data_file:dir search;
 allow system_server apex_data_file:file r_file_perms;
 
+# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
+# communicate which slots are available for use.
+allow system_server metadata_file:dir search;
+allow system_server password_slot_metadata_file:dir rw_dir_perms;
+allow system_server password_slot_metadata_file:file create_file_perms;
+
 # dexoptanalyzer is currently used only for secondary dex files which
 # system_server should never access.
 neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
@@ -1023,3 +1029,12 @@ neverallow system_server { domain -system_server }:process ptrace;
 # CAP_SYS_RESOURCE was traditionally needed for sensitive /proc/PID
 # file read access. However, that is now unnecessary (b/34951864)
 neverallow system_server system_server:global_capability_class_set sys_resource;
+
+# Only system_server/init should access /metadata/password_slots.
+neverallow { domain -init -system_server } password_slot_metadata_file:dir *;
+neverallow {
+  domain
+  -init
+  -system_server
+} password_slot_metadata_file:notdevfile_class_set ~{ relabelto getattr };
+neverallow { domain -init -system_server } password_slot_metadata_file:notdevfile_class_set *;
diff --git a/public/file.te b/public/file.te
index 7a3983b22..cadc01a02 100644
--- a/public/file.te
+++ b/public/file.te
@@ -202,6 +202,8 @@ type metadata_file, file_type;
 type vold_metadata_file, file_type;
 # GSI files within /metadata
 type gsi_metadata_file, file_type;
+# system_server shares Weaver slot information in /metadata
+type password_slot_metadata_file, file_type;
 
 # Type for /dev/cpu_variant:.*.
 type dev_cpu_variant, file_type;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 76ee7a4ef..528d8ba02 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -50,6 +50,7 @@ allow vendor_init {
   -exec_type
   -system_file_type
   -mnt_product_file
+  -password_slot_metadata_file
   -unlabeled
   -vendor_file_type
   -vold_metadata_file
@@ -62,6 +63,7 @@ allow vendor_init {
   file_type
   -core_data_file_type
   -exec_type
+  -password_slot_metadata_file
   -runtime_event_log_tags_file
   -system_file_type
   -unlabeled
@@ -74,6 +76,7 @@ allow vendor_init {
   file_type
   -core_data_file_type
   -exec_type
+  -password_slot_metadata_file
   -system_file_type
   -unlabeled
   -vendor_file_type
@@ -86,6 +89,7 @@ allow vendor_init {
   -apex_mnt_dir
   -core_data_file_type
   -exec_type
+  -password_slot_metadata_file
   -system_file_type
   -unlabeled
   -vendor_file_type
@@ -98,6 +102,7 @@ allow vendor_init {
   -core_data_file_type
   -exec_type
   -mnt_product_file
+  -password_slot_metadata_file
   -system_file_type
   -vendor_file_type
   -vold_metadata_file