diff --git a/init/init.c b/init/init.c
index bfaf983b4..ede2daa8a 100755
--- a/init/init.c
+++ b/init/init.c
@@ -745,6 +745,7 @@ static int bootchart_init_action(int nargs, char **args)
 #endif
 
 static const struct selinux_opt seopts_prop[] = {
+        { SELABEL_OPT_PATH, "/data/security/property_contexts" },
         { SELABEL_OPT_PATH, "/data/system/property_contexts" },
         { SELABEL_OPT_PATH, "/property_contexts" },
         { 0, NULL }
diff --git a/rootdir/init.rc b/rootdir/init.rc
index d6182e884..72f351fab 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -242,6 +242,9 @@ on post-fs-data
     # the following directory.
     mkdir /data/drm 0770 drm drm
 
+    # Separate location for storing security policy files on data
+    mkdir /data/security 0600 system system
+
     # If there is no fs-post-data action in the init.<device>.rc file, you
     # must uncomment this line, otherwise encrypted filesystems
     # won't work.