diff --git a/storage/sepolicy/fsck.te b/storage/sepolicy/fsck.te
index 7369bb4..6502995 100644
--- a/storage/sepolicy/fsck.te
+++ b/storage/sepolicy/fsck.te
@@ -4,4 +4,5 @@ allow fsck efs_block_device:blk_file rw_file_perms;
 allow fsck modem_userdata_block_device:blk_file rw_file_perms;
 allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
 allow fsck sysfs_scsi_devices_0000:file r_file_perms;
+allow fsck persist_block_device:blk_file rw_file_perms;
 
diff --git a/storage/sepolicy/recovery.te b/storage/sepolicy/recovery.te
new file mode 100644
index 0000000..7b34bb8
--- /dev/null
+++ b/storage/sepolicy/recovery.te
@@ -0,0 +1,6 @@
+# factory data reset
+recovery_only(`
+  allow recovery sysfs_scsi_devices_0000:file r_file_perms;
+  allow recovery sysfs_scsi_devices_0000:dir r_dir_perms;
+')
+