diff --git a/init.te b/init.te
index 464f088df50aa8ad1d1d52545325dbdbd53d3676..555fc30a76ca87243c3c357f53f34324221cc75a 100644
--- a/init.te
+++ b/init.te
@@ -108,6 +108,9 @@ allow init { sysfs_type debugfs_type }:{ dir file lnk_file } relabelto;
 allow init dev_type:dir create_dir_perms;
 allow init dev_type:lnk_file create;
 
+# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
+allow init debugfs_tracing:file w_file_perms;
+
 # chown/chmod on pseudo files.
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:file { open read setattr };
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read setattr search };
diff --git a/shell.te b/shell.te
index ebd702bf6ea5d8ac7a43dc496c9db6bf352bc627..f87027daf9e9337f9a809dfb709ed7feee23805f 100644
--- a/shell.te
+++ b/shell.te
@@ -71,6 +71,7 @@ set_prop(shell, powerctl_prop)
 # systrace support - allow atrace to run
 allow shell debugfs_tracing:dir r_dir_perms;
 allow shell debugfs_tracing:file rw_file_perms;
+allow shell debugfs_trace_marker:file getattr;
 allow shell atrace_exec:file rx_file_perms;
 
 userdebug_or_eng(`