diff --git a/system_server.te b/system_server.te
index 30f302510e763e8ee4a114051dcd5d06d9a67cfa..604a576ff147f7d3f6e8821a7568dffb7351cf2c 100644
--- a/system_server.te
+++ b/system_server.te
@@ -67,6 +67,9 @@ allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
 # Use generic netlink sockets.
 allow system_server self:netlink_socket create_socket_perms;
 
+# Use generic netlink sockets.
+allow system_server self:netlink_socket create_socket_perms;
+
 # Kill apps.
 allow system_server appdomain:process { sigkill signal };
 
@@ -138,6 +141,10 @@ r_dir_file(system_server, inputflinger)
 allow system_server mediaserver:tcp_socket rw_socket_perms;
 allow system_server mediaserver:udp_socket rw_socket_perms;
 
+# Use sockets received over binder from various services.
+allow system_server mediaserver:tcp_socket rw_socket_perms;
+allow system_server mediaserver:udp_socket rw_socket_perms;
+
 # Check SELinux permissions.
 selinux_check_access(system_server)
 
@@ -241,6 +248,9 @@ allow system_server cache_backup_file:file { relabelto relabelfrom };
 # LocalTransport creates and relabels /cache/backup
 allow system_server cache_backup_file:dir { relabelto relabelfrom create_dir_perms };
 
+# Access SDcard files passed via binder or sockets.
+allow system_server sdcard_type:file { read write getattr };
+
 # Allow system to talk to usb device
 allow system_server usb_device:chr_file rw_file_perms;
 allow system_server usb_device:dir r_dir_perms;