diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 51e7b5c31..73fb877b0 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -118,6 +118,7 @@
 mediaswcodec_tmpfs
 mediaextractor_update_service
 mediaprovider_tmpfs
+ metadata_bootstat_file
 metadata_file
 mnt_product_file
 mnt_vendor_file
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index a8d64bd24..8dd367adc 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -107,6 +107,7 @@
 mediaswcodec
 mediaswcodec_exec
 mediaswcodec_tmpfs
+ metadata_bootstat_file
 metadata_file
 mnt_product_file
 mnt_vendor_file
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index de62740bc..16637f395 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -98,6 +98,7 @@
 mediaswcodec
 mediaswcodec_exec
 mediaswcodec_tmpfs
+ metadata_bootstat_file
 mnt_product_file
 network_stack
 network_stack_service
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index f28757ee5..fd5700765 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -61,6 +61,7 @@
 light_service
 linker_prop
 linkerconfig_file
+ metadata_bootstat_file
 mnt_pass_through_file
 mock_ota_prop
 module_sdkextensions_prop
diff --git a/private/file_contexts b/private/file_contexts
index 3955708ba..0ee01b8bb 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -697,6 +697,7 @@
 /metadata/gsi/ota(/.*)? u:object_r:ota_metadata_file:s0
 /metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0
 /metadata/ota(/.*)? u:object_r:ota_metadata_file:s0
+/metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0
 #############################
 # asec containers
diff --git a/public/bootstat.te b/public/bootstat.te
index a2a060bc2..6143a7d2b 100644
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -15,6 +15,9 @@ get_prop(bootstat, boottime_prop)
 set_prop(bootstat, bootloader_boot_reason_prop)
 set_prop(bootstat, system_boot_reason_prop)
 set_prop(bootstat, last_boot_reason_prop)
+allow bootstat metadata_file:dir search;
+allow bootstat metadata_bootstat_file:dir rw_dir_perms;
+allow bootstat metadata_bootstat_file:file create_file_perms;
 # ToDo: TBI move access for the following to a system health HAL
diff --git a/public/file.te b/public/file.te
index 0585afd01..1f8dacc7c 100644
--- a/public/file.te
+++ b/public/file.te
@@ -230,6 +230,8 @@ type password_slot_metadata_file, file_type;
 type apex_metadata_file, file_type;
 # libsnapshot files within /metadata
 type ota_metadata_file, file_type;
+# property files within /metadata/bootstat
+type metadata_bootstat_file, file_type;
 # Type for /dev/cpu_variant:.*.
 type dev_cpu_variant, file_type;
diff --git a/public/init.te b/public/init.te
index cfca727c4..bdcf05763 100644
--- a/public/init.te
+++ b/public/init.te
@@ -566,6 +566,8 @@ allow init vendor_shell_exec:file execute;
 # Metadata setup
 allow init vold_metadata_file:dir create_dir_perms;
 allow init vold_metadata_file:file getattr;
+allow init metadata_bootstat_file:dir create_dir_perms;
+allow init metadata_bootstat_file:file w_file_perms;
 # Allow init to touch PSI monitors
 allow init proc_pressure_mem:file { rw_file_perms setattr };
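Review bot: The three added `allow bootstat ...` rules in public/bootstat.te have no comment saying what bootstat keeps under /metadata/bootstat or why it needs `create_file_perms` rather than read/write on files that already exist. A line such as `# bootstat creates and updates its property files under /metadata/bootstat` above them would record the intent; the wording follows the comment on the type in public/file.te. The rules are also added under public/, which as far as I know makes them part of the policy exported to vendor images. If no vendor policy depends on them, the private/ side of the bootstat policy would be the narrower place.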
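Review bot: The name `metadata_bootstat_file` in public/file.te breaks the pattern of the neighbouring /metadata types, which end in `_metadata_file` (`password_slot_metadata_file`, `apex_metadata_file`, `ota_metadata_file`); `bootstat_metadata_file` would match. The type is declared in public policy and is also listed in the four compat ignore files in this commit, so the name is cheapest to settle now. The comment could also name the owner, for example `# bootstat property files within /metadata/bootstat`.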
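Review bot: `allow init metadata_bootstat_file:file w_file_perms;` in public/init.te lets init write bootstat's files, yet the only explanation is the existing `# Metadata setup` heading, and the neighbouring vold_metadata_file rule gives init just `getattr` on files. If init only has to create the directory, the `dir create_dir_perms` rule may be enough on its own; if init does write there, a comment naming what it writes would make the grant reviewable. Nothing on this page stops other domains from being granted write access to the new type later, so a guard such as `neverallow { domain -init -bootstat } metadata_bootstat_file:file no_w_file_perms;` is worth adding, adjusted for any other legitimate writer that is not visible here.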