diff --git a/BoardConfig.mk b/BoardConfig.mk
index b52fa40..74fdbef 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -24,6 +24,9 @@ include device/google/wahoo/BoardConfig.mk
 BOARD_BOOTIMAGE_PARTITION_SIZE := 41943040
 BOARD_AVB_ENABLE := true
 
+# sepolicy
+BOARD_SEPOLICY_DIRS += device/google/taimen/sepolicy
+
 ifeq (,$(filter-out taimen_clang, $(TARGET_PRODUCT)))
 # if TARGET_PRODUCT == taimen_clang
 BOARD_VENDOR_KERNEL_MODULES += \
diff --git a/init-taimen.rc b/init-taimen.rc
index 13ae83e..75b4cdf 100644
--- a/init-taimen.rc
+++ b/init-taimen.rc
@@ -24,6 +24,10 @@ on property:sys.boot_completed=1
     write /sys/block/dm-0/queue/read_ahead_kb 512
     write /sys/block/dm-1/queue/read_ahead_kb 512
 
+on boot
+    # Allow ftm4 autotune from adb shell
+    chown system shell /sys/devices/virtual/input/ftm4_touch/autotune
+
 on init && property:ro.boot.slot=*
     # will remove this once slot_suffix is deprecated
     setprop ro.boot.slot_suffix _${ro.boot.slot}
diff --git a/sepolicy/file.te b/sepolicy/file.te
new file mode 100644
index 0000000..e8a3105
--- /dev/null
+++ b/sepolicy/file.te
@@ -0,0 +1 @@
+type sysfs_touch_shell, sysfs_type, fs_type;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
new file mode 100644
index 0000000..a46e110
--- /dev/null
+++ b/sepolicy/genfs_contexts
@@ -0,0 +1,3 @@
+# ftm4 touch
+genfscon sysfs /devices/virtual/input/ftm4_touch               u:object_r:sysfs_touch:s0
+genfscon sysfs /devices/virtual/input/ftm4_touch/autotune      u:object_r:sysfs_touch_shell:s0
diff --git a/sepolicy/shell.te b/sepolicy/shell.te
new file mode 100644
index 0000000..9475f08
--- /dev/null
+++ b/sepolicy/shell.te
@@ -0,0 +1,3 @@
+# allow adb to access /sys/devices/virtual/input/ftm4_touch/autotune
+allow shell sysfs_touch:dir search;
+allow shell sysfs_touch_shell:file rw_file_perms;