diff --git a/private/app.te b/private/app.te
index d739239cc53eeb2fb40644ad75ba430f560de95a..7d9bc89ed10ea07053c23a253f38d49598eacfaf 100644
--- a/private/app.te
+++ b/private/app.te
@@ -6,6 +6,10 @@ allow appdomain zygote_tmpfs:file read;
 # ashmem, e.g. battery stats.
 allow appdomain system_server_tmpfs:file read;
 
+# Get info from priv_app through ashmem, such as contact
+# info etc.
+allow appdomain priv_app_tmpfs:file read;
+
 neverallow appdomain system_server:udp_socket {
         accept append bind create ioctl listen lock name_bind
         relabelfrom relabelto setattr shutdown };
diff --git a/private/mls b/private/mls
index 2eb621ddf8e1c7be9909464ae5f129e4e7116ac5..d4e0e733d5a493afe6999da016396c3b8f3ea9be 100644
--- a/private/mls
+++ b/private/mls
@@ -57,7 +57,7 @@ mlsconstrain dir_file_class_set { create relabelfrom relabelto }
 mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
 	     ( (t2 != app_data_file and t2 != privapp_data_file ) or l1 dom l2 or t1 == mlstrustedsubject);
 mlsconstrain { file lnk_file sock_file } { open setattr unlink link rename }
-	     ( (t2 != app_data_file and t2 != privapp_data_file) or l1 dom l2 or t1 == mlstrustedsubject);
+	     ( (t2 != app_data_file and t2 != privapp_data_file and t2 != priv_app_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
 
 #
 # Constraints for file types other than app data files.
@@ -69,7 +69,7 @@ mlsconstrain dir { read getattr search }
 	     (t2 == app_data_file or t2 == privapp_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
 mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
-	     (t2 == app_data_file or t2 == privapp_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+	     (t2 == app_data_file or t2 == privapp_data_file or t2 == priv_app_tmpfs or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
 # Write operations: Subject must be equivalent to the object unless the
 # subject or the object is trusted.
@@ -77,7 +77,7 @@ mlsconstrain dir { write setattr rename add_name remove_name reparent rmdir }
 	     (t2 == app_data_file or t2 == privapp_data_file or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
 mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr append unlink link rename }
-	     (t2 == app_data_file or t2 == privapp_data_file or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+	     (t2 == app_data_file or t2 == privapp_data_file or t2 == priv_app_tmpfs or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
 
 # Special case for FIFOs.
 # These can be unnamed pipes, in which case they will be labeled with the