diff --git a/init/builtins.cpp b/init/builtins.cpp index 64a363e98..8eb5b5b32 100644 --- a/init/builtins.cpp +++ b/init/builtins.cpp @@ -833,18 +833,31 @@ static int do_installkeys_ensure_dir_exists(const char* dir) return 0; } +static bool is_file_crypto() { + char prop_value[PROP_VALUE_MAX] = {0}; + property_get("ro.crypto.type", prop_value); + return strcmp(prop_value, "file") == 0; +} + int do_installkey(int nargs, char **args) { if (nargs != 2) { return -1; } - - char prop_value[PROP_VALUE_MAX] = {0}; - property_get("ro.crypto.type", prop_value); - if (strcmp(prop_value, "file")) { + if (!is_file_crypto()) { return 0; } - return e4crypt_create_device_key(args[1], do_installkeys_ensure_dir_exists); } + +int do_setusercryptopolicies(int nargs, char **args) +{ + if (nargs != 2) { + return -1; + } + if (!is_file_crypto()) { + return 0; + } + return e4crypt_set_user_crypto_policies(args[1]); +} diff --git a/init/init_parser.cpp b/init/init_parser.cpp index 0f0c88e94..62e8b102d 100644 --- a/init/init_parser.cpp +++ b/init/init_parser.cpp @@ -187,6 +187,7 @@ static int lookup_keyword(const char *s) if (!strcmp(s, "etenv")) return K_setenv; if (!strcmp(s, "etprop")) return K_setprop; if (!strcmp(s, "etrlimit")) return K_setrlimit; + if (!strcmp(s, "etusercryptopolicies")) return K_setusercryptopolicies; if (!strcmp(s, "ocket")) return K_socket; if (!strcmp(s, "tart")) return K_start; if (!strcmp(s, "top")) return K_stop; diff --git a/init/keywords.h b/init/keywords.h index ddaaffba6..0910f6008 100644 --- a/init/keywords.h +++ b/init/keywords.h @@ -22,6 +22,7 @@ int do_rm(int nargs, char **args); int do_rmdir(int nargs, char **args); int do_setprop(int nargs, char **args); int do_setrlimit(int nargs, char **args); +int do_setusercryptopolicies(int nargs, char **args); int do_start(int nargs, char **args); int do_stop(int nargs, char **args); int do_swapon_all(int nargs, char **args); 
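Review bot: In init/builtins.cpp, `do_setusercryptopolicies` hands the result of `e4crypt_set_user_crypto_policies(args[1])` straight back to the command dispatcher without logging it, so whether a failed policy setup stops boot or is merely recorded depends on code outside this hunk. If the caller only notes the return code, a device that declares `ro.crypto.type=file` would continue with the directory lacking an encryption policy, and later writes there would presumably be stored unencrypted, which is a fail-open outcome. I would capture the result and report it with the path using init's existing log macro, e.g. `int rc = e4crypt_set_user_crypto_policies(args[1]);` followed by `if (rc) ERROR("setusercryptopolicies: failed on %s (%d)\n", args[1], rc);`, and decide explicitly whether this case should abort. The silent `return 0` when `is_file_crypto()` is false also deserves a one-line comment such as `// Not file-based encryption: nothing to do.`, and the same applies to `do_installkey`.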
@@ -86,6 +87,7 @@ enum { KEYWORD(setenv, OPTION, 2, 0) KEYWORD(setprop, COMMAND, 2, do_setprop) KEYWORD(setrlimit, COMMAND, 3, do_setrlimit) + KEYWORD(setusercryptopolicies, COMMAND, 1, do_setusercryptopolicies) KEYWORD(socket, OPTION, 0, 0) KEYWORD(start, COMMAND, 1, do_start) KEYWORD(stop, COMMAND, 1, do_stop) diff --git a/rootdir/init.rc b/rootdir/init.rc index bdc89a6f2..4e2335412 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -358,6 +358,8 @@ on post-fs-data mkdir /data/system/heapdump 0700 system system mkdir /data/user 0711 system system + setusercryptopolicies /data/user + # Reload policy from /data/security if present. setprop selinux.reload_policy 1
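Review bot: The new `setusercryptopolicies /data/user` line in rootdir/init.rc has no comment explaining why it must sit directly after `mkdir /data/user 0711 system system`, and the ordering looks security-relevant: anything that creates content under /data/user before this command runs would presumably do so without a policy in place. A short comment in the file's `#` style would keep a later reshuffle of post-fs-data from moving it, for example `# Set encryption policies under /data/user before anything else writes there; no-op unless ro.crypto.type is "file".` The no-op part follows from the `is_file_crypto()` check added in init/builtins.cpp; the ordering requirement is inferred and should be confirmed against `e4crypt_set_user_crypto_policies`, which is not shown here.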