diff --git a/private/apexd.te b/private/apexd.te
index ab136eb3a7fe4f6de24b7b0bcba4884f04b2c828..61e099bf9c8903301bbf2d32e1460c09e568224b 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -43,6 +43,10 @@ allow apexd apex_mnt_dir:lnk_file create_file_perms;
 # Unmount and mount filesystems
 allow apexd labeledfs:filesystem { mount unmount };
 
+# Configure read-ahead of dm-verity devices
+allow apexd sysfs_dm:dir r_dir_perms;
+allow apexd sysfs_dm:file rw_file_perms;
+
 # Spawning a libbinder thread results in a dac_override deny,
 # /dev/cpuset/tasks is owned by system.
 #