diff --git a/rootdir/root/init.qcom.rc b/rootdir/root/init.qcom.rc
index ab09f34..2c5cd6d 100644
--- a/rootdir/root/init.qcom.rc
+++ b/rootdir/root/init.qcom.rc
@@ -1313,5 +1313,5 @@ service config_bt_addr /vendor/bin/btnvtool -O
 
 service goodix_script /vendor/bin/init.goodix.sh
     class late_start
-    user root
+    user system
     oneshot
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 0bce66f..b9f91b9 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -27,6 +27,9 @@
 /sys/devices/soc/soc:fpc1020.*/hw_reset                       u:object_r:sysfs_fpc_dev:s0
 /sys/devices/soc/soc:fpc1020.*/wakeup_enable                  u:object_r:sysfs_fpc_dev:s0
 
+# Shell Script
+/(vendor|system/vendor)/bin/init\.goodix\.sh    u:object_r:init_fingerprint_exec:s0
+
 # Video4linux sysfs nodes
 /sys/devices/soc/ca00000\.qcom,msm-cam/video4linux/video0(/.*)? u:object_r:sysfs_graphics:s0
 /sys/devices/soc/caa0000\.qcom,jpeg/video4linux/video1(/.*)?   u:object_r:sysfs_graphics:s0
diff --git a/sepolicy/init_fingerprint.te b/sepolicy/init_fingerprint.te
new file mode 100644
index 0000000..4c27535
--- /dev/null
+++ b/sepolicy/init_fingerprint.te
@@ -0,0 +1,15 @@
+type init_fingerprint, domain;
+type init_fingerprint_exec, exec_type, vendor_file_type, file_type;
+
+# Allow for transition from init domain to init_fingerprint
+init_daemon_domain(init_fingerprint)
+
+# Shell script needs to execute /vendor/bin/sh
+allow init_fingerprint vendor_shell_exec:file rx_file_perms;
+allow init_fingerprint vendor_toolbox_exec:file rx_file_perms;
+
+# Allow to delete file
+allow init_fingerprint persist_file:dir search;
+allow init_fingerprint persist_drm_file:dir { read search open write remove_name };
+allow init_fingerprint persist_drm_file:file { getattr unlink };
+allow init_fingerprint system_data_file:file r_file_perms;