diff --git a/init.hardware.rc b/init.hardware.rc
index fad03bc1..612eb374 100644
--- a/init.hardware.rc
+++ b/init.hardware.rc
@@ -155,9 +155,13 @@ on fs
     mount_all /vendor/etc/fstab.${ro.hardware} --early
     swapon_all /vendor/etc/fstab.${ro.hardware}
 
-    restorecon_recursive /persist
     mkdir /persist/data 0700 system system
     mkdir /persist/display 0770 system graphics
+    mkdir /persist/rfs 0770 root system
+    mkdir /persist/hlos_rfs 0770 root system
+    chmod 0770 /persist/rfs
+    chmod 0770 /persist/hlos_rfs
+    restorecon_recursive /persist
 
     # Start HW service manager early
     start hwservicemanager
@@ -527,6 +531,7 @@ service rmt_storage /vendor/bin/rmt_storage
 service tftp_server /vendor/bin/tftp_server
    class core
    user root
+   group root system
 
 service wpa_supplicant /vendor/bin/hw/wpa_supplicant \
     -ip2p0 -Dnl80211 -c/data/misc/wifi/p2p_supplicant.conf \
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index ebaa722a..5ddb03af 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -47,6 +47,7 @@ type persist_data_file, file_type;
 type persist_display_file, file_type;
 type persist_drm_file, file_type;
 type persist_haptics_file, file_type;
+type persist_rfs_file, file_type;
 type persist_sensors_file, file_type;
 type persist_time_file, file_type;
 
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 06282a2a..e683f0ea 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -318,6 +318,8 @@
 /persist/display(/.*)?    u:object_r:persist_display_file:s0
 /persist/drm(/.*)?        u:object_r:persist_drm_file:s0
 /persist/haptics(/.*)?    u:object_r:persist_haptics_file:s0
+/persist/hlos_rfs(/.*)?   u:object_r:persist_rfs_file:s0
+/persist/rfs(/.*)?        u:object_r:persist_rfs_file:s0
 /persist/sensors(/.*)?    u:object_r:persist_sensors_file:s0
 /persist/time(/.*)?       u:object_r:persist_time_file:s0
 
diff --git a/sepolicy/vendor/rfs_access.te b/sepolicy/vendor/rfs_access.te
index f7a6d3b2..9b6d9ca3 100644
--- a/sepolicy/vendor/rfs_access.te
+++ b/sepolicy/vendor/rfs_access.te
@@ -11,7 +11,8 @@ wakelock_use(rfs_access)
 # For tftp server file access
 allow rfs_access firmware_file:dir search;
 allow rfs_access firmware_file:file r_file_perms;
-allow rfs_access persist_file:dir { create rw_dir_perms setattr };
-allow rfs_access persist_file:file create_file_perms;
+allow rfs_access persist_file:dir search;
+allow rfs_access persist_rfs_file:dir create_dir_perms;
+allow rfs_access persist_rfs_file:file create_file_perms;
 
 allow rfs_access self:socket create_socket_perms_no_ioctl;