diff --git a/radio/copy_efs_files_to_data.te b/radio/copy_efs_files_to_data.te
new file mode 100644
index 00000000..bfae50ed
--- /dev/null
+++ b/radio/copy_efs_files_to_data.te
@@ -0,0 +1,37 @@
+type copy_efs_files_to_data, domain;
+type copy_efs_files_to_data_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(copy_efs_files_to_data);
+
+
+
+# Allow creating files on /data/vendor/copied
+allow copy_efs_files_to_data modem_efs_image_file:dir  { create_dir_perms };
+allow copy_efs_files_to_data modem_efs_image_file:file { create_file_perms };
+allow copy_efs_files_to_data modem_efs_image_file:lnk_file { create_file_perms };
+
+
+# Allow execute binaries from /vendor/bin
+allow copy_efs_files_to_data vendor_toolbox_exec:file rx_file_perms;
+allow copy_efs_files_to_data vendor_shell_exec:file rx_file_perms;
+
+allow copy_efs_files_to_data mnt_vendor_file:dir { r_dir_perms setattr };
+
+allow copy_efs_files_to_data kmsg_debug_device:chr_file { w_file_perms ioctl getattr };
+
+
+# For reading files on /mnt/vendor/persist
+allow copy_efs_files_to_data vendor_persist_type:dir { r_dir_perms setattr };
+allow copy_efs_files_to_data vendor_persist_type:file { r_file_perms setattr };
+allow copy_efs_files_to_data tee_data_file:lnk_file r_file_perms;
+
+# For reading files on /mnt/vendor/efs
+allow copy_efs_files_to_data modem_efs_file:dir { r_dir_perms setattr };
+allow copy_efs_files_to_data modem_efs_file:file { r_file_perms setattr };
+
+# For reading files on /mnt/vendor/modem_userdata
+allow copy_efs_files_to_data modem_userdata_file:dir { r_dir_perms setattr };
+allow copy_efs_files_to_data modem_userdata_file:file { r_file_perms setattr };
+
+# Allow changing permission of files on /data/vendor/copied, part of cp -rp
+allow copy_efs_files_to_data self:capability { fowner chown };
diff --git a/radio/file.te b/radio/file.te
index daceb569..dcdf1302 100644
--- a/radio/file.te
+++ b/radio/file.te
@@ -1,5 +1,6 @@
 # Data
 type rild_vendor_data_file, file_type, data_file_type;
+type modem_efs_image_file, file_type, data_file_type;
 type vendor_gps_file, file_type, data_file_type;
 type modem_ml_data_file, file_type, data_file_type;
 type modem_stat_data_file, file_type, data_file_type;
diff --git a/radio/file_contexts b/radio/file_contexts
index 1fcdfdd3..d4f29be0 100644
--- a/radio/file_contexts
+++ b/radio/file_contexts
@@ -12,6 +12,7 @@
 /vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_radioext_default_exec:s0
 /vendor/bin/liboemservice_proxy_default                                     u:object_r:liboemservice_proxy_default_exec:s0
+/vendor/bin/copy_efs_files_to_data                                                            u:object_r:copy_efs_files_to_data_exec:s0
 
 # Config files
 /vendor/etc/modem_ml_models\.conf                                           u:object_r:modem_config_file:s0
@@ -23,6 +24,7 @@
 /data/vendor/modem_ml(/.*)?                                                 u:object_r:modem_ml_data_file:s0
 /data/vendor/modem_stat(/.*)?                                               u:object_r:modem_stat_data_file:s0
 /data/vendor/rild(/.*)?                                                     u:object_r:rild_vendor_data_file:s0
+/data/vendor/copied(/.*)?                                                     u:object_r:modem_efs_image_file:s0
 
 # vendor extra images
 /mnt/vendor/efs(/.*)?                                                       u:object_r:modem_efs_file:s0