diff --git a/update_verifier.te b/update_verifier.te
index d42c81fc21a92041053729e54c266ee618115cb4..09d5fc4bc0ec8d29422ea835f48df38731101754 100644
--- a/update_verifier.te
+++ b/update_verifier.te
@@ -8,4 +8,10 @@ init_daemon_domain(update_verifier)
 # Allow update_verifier to reach block devices in /dev/block.
 allow update_verifier block_device:dir search;
 
-# TODO: Add rules to allow update_verifier to read system_block_device.
+# Read care map in /data/ota_package/.
+allow update_verifier ota_package_file:dir r_dir_perms;
+allow update_verifier ota_package_file:file r_file_perms;
+
+# Read all blocks in system partition.
+allow update_verifier system_block_device:blk_file r_file_perms;
+