diff --git a/dumpstate.te b/dumpstate.te
index 318755528e663ff839d78d85c07c5067f033cdd4..31695a5c32d7f3541937f941860915780bf411c2 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -173,3 +173,4 @@ allow dumpstate atrace_exec:file rx_file_perms;
 # This should be removed if sdcardfs is modified to alter the secontext for its
 # accesses to the underlying FS.
 allow dumpstate media_rw_data_file:dir getattr;
+allow dumpstate proc_interrupts:file r_file_perms;
diff --git a/file.te b/file.te
index 3a4ca03831ea3e13e145e2dc1b1f4949edd3de86..6edbd42892013ceefda38c4f7f0489d7c2e8d463 100644
--- a/file.te
+++ b/file.te
@@ -13,10 +13,13 @@ type usermodehelper, fs_type, sysfs_type;
 type qtaguid_proc, fs_type, mlstrustedobject;
 type proc_bluetooth_writable, fs_type;
 type proc_cpuinfo, fs_type;
+type proc_interrupts, fs_type;
 type proc_iomem, fs_type;
 type proc_meminfo, fs_type;
 type proc_net, fs_type;
+type proc_stat, fs_type;
 type proc_sysrq, fs_type;
+type proc_timer, fs_type;
 type proc_uid_cputime_showstat, fs_type;
 type proc_uid_cputime_removeuid, fs_type;
 type selinuxfs, fs_type, mlstrustedobject;
diff --git a/genfs_contexts b/genfs_contexts
index 81749fd1c89e5ca44e48e45fd90a60ca22ac4eeb..57b967cbc17ea9af05a00c9694261e1faacc4b28 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -2,11 +2,14 @@
 genfscon rootfs / u:object_r:rootfs:s0
 # proc labeling can be further refined (longest matching prefix).
 genfscon proc / u:object_r:proc:s0
+genfscon proc /interrupts u:object_r:proc_interrupts:s0
 genfscon proc /iomem u:object_r:proc_iomem:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
 genfscon proc /net u:object_r:proc_net:s0
 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon proc /softirqs u:object_r:proc_timer:s0
+genfscon proc /stat u:object_r:proc_stat:s0
 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
 genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
@@ -24,6 +27,8 @@ genfscon proc /sys/net u:object_r:proc_net:s0
 genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
 genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
+genfscon proc /timer_list u:object_r:proc_timer:s0
+genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
 
diff --git a/init.te b/init.te
index 8f7c82b5ed8b5b6e59983a679d94f79c52d1cf4d..f285a0859da266a5a697b6770fc06788a01724b9 100644
--- a/init.te
+++ b/init.te
@@ -198,6 +198,9 @@ allow init self:capability net_admin;
 # Write to /proc/sysrq-trigger.
 allow init proc_sysrq:file w_file_perms;
 
+# Read /proc/stat for bootchart.
+allow init proc_stat:file r_file_perms;
+
 # Reboot.
 allow init self:capability sys_boot;
 
diff --git a/shell.te b/shell.te
index 3e3972ad9d1ca35d3dc2526bdff5a0ecccf4f1fb..006313e24535a0c29b8ed5a4b73e7684632f3a1b 100644
--- a/shell.te
+++ b/shell.te
@@ -96,7 +96,10 @@ allow shell { service_manager_type -gatekeeper_service -netd_service }:service_m
 # allow shell to look through /proc/ for ps, top, netstat
 r_dir_file(shell, proc)
 r_dir_file(shell, proc_net)
+allow shell proc_interrupts:file r_file_perms;
 allow shell proc_meminfo:file r_file_perms;
+allow shell proc_stat:file r_file_perms;
+allow shell proc_timer:file r_file_perms;
 r_dir_file(shell, cgroup)
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };
diff --git a/system_server.te b/system_server.te
index 319475ab52d3ed5da4ebbf9f9cd4c79890363cce..868a8306cd9638cd4ea1aa15c808753519a6c709 100644
--- a/system_server.te
+++ b/system_server.te
@@ -112,6 +112,9 @@ allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
 # Write to /proc/sysrq-trigger.
 allow system_server proc_sysrq:file rw_file_perms;
 
+# Read /proc/stat for CPU usage statistics
+allow system_server proc_stat:file r_file_perms;
+
 # Read /sys/kernel/debug/wakeup_sources.
 allow system_server debugfs:file r_file_perms;