diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 280649e0a11b9008a4277b4394c9b8d98f10aa86..db14f1b585486f85aa97a47940da6b71c34c3a5b 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -111,9 +111,12 @@ neverallow all_untrusted_apps anr_data_file:dir ~search;
 neverallow all_untrusted_apps {
 proc
 proc_asound_cards
+ proc_filesystems
 proc_kmsg
 proc_loadavg
+ proc_mounts
 proc_pagetypeinfo
+ proc_swaps
 proc_version
 proc_vmallocinfo
 }:file { no_rw_file_perms no_x_file_perms };
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 5571357179eb29a324e691a2616027b91cd77d36..4ad2d8443a41448427c92dc31e5b23f0c0460a73 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -447,7 +447,7 @@
 (typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
 (typeattributeset print_service_26_0 (print_service))
 (typeattributeset priv_app_26_0 (mediaprovider priv_app))
-(typeattributeset proc_26_0 (proc proc_asound_cards proc_kmsg proc_loadavg proc_pagetypeinfo proc_uid_time_in_state proc_version proc_vmallocinfo))
+(typeattributeset proc_26_0 (proc proc_asound_cards proc_filesystems proc_kmsg proc_loadavg proc_mounts proc_pagetypeinfo proc_swaps proc_uid_time_in_state proc_version proc_vmallocinfo))
 (typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
 (typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
 (typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 01c63698f5a46f2811edf2554e368f42785f6999..cfe7b92c8ad97aca19ee8c88709c415bfdbc9326 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -4,6 +4,7 @@ genfscon rootfs / u:object_r:rootfs:s0
 genfscon proc / u:object_r:proc:s0
 genfscon proc /asound/cards u:object_r:proc_asound_cards:s0
 genfscon proc /config.gz u:object_r:config_gz:s0
+genfscon proc /filesystems u:object_r:proc_filesystems:s0
 genfscon proc /interrupts u:object_r:proc_interrupts:s0
 genfscon proc /iomem u:object_r:proc_iomem:s0
 genfscon proc /kmsg u:object_r:proc_kmsg:s0
@@ -11,12 +12,14 @@ genfscon proc /loadavg u:object_r:proc_loadavg:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
 genfscon proc /misc u:object_r:proc_misc:s0
 genfscon proc /modules u:object_r:proc_modules:s0
+genfscon proc /mounts u:object_r:proc_mounts:s0
 genfscon proc /net u:object_r:proc_net:s0
 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
 genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
 genfscon proc /softirqs u:object_r:proc_timer:s0
 genfscon proc /stat u:object_r:proc_stat:s0
+genfscon proc /swaps u:object_r:proc_swaps:s0
 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
 genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
diff --git a/public/e2fs.te b/public/e2fs.te
index 30a815a0107fa122ab9c4684fe5cddbe265ed202..a95512128e6d52b128f736a74c828420fd3d58d6 100644
--- a/public/e2fs.te
+++ b/public/e2fs.te
@@ -5,8 +5,11 @@ allow e2fs block_device:blk_file getattr;
 allow e2fs block_device:dir search;
 allow e2fs userdata_block_device:blk_file rw_file_perms;
-# access /proc/filesystems
-allow e2fs proc:file r_file_perms;
+allow e2fs {
+ proc_filesystems
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
 # access /sys/fs/ext4/features
 allow e2fs sysfs_fs_ext4_features:file r_file_perms;
diff --git a/public/file.te b/public/file.te
index 20e534a9eee07a22b4fa5e6870f7f6c86d13308c..62cad466b6aea4ca3a94be59ab578fcee0b7da61 100644
--- a/public/file.te
+++ b/public/file.te
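Review bot: In the second private/genfs_contexts hunk, `genfscon proc /mounts u:object_r:proc_mounts:s0` labels a path that on current Linux kernels is a symlink to `self/mounts`, so it is worth confirming on a device (`ls -Z /proc/mounts /proc/self/mounts`) which object actually ends up with `proc_mounts`. If the per-process file keeps the task's own label, the `proc_mounts:file` allows added in e2fs.te, fsck.te, fsck_untrusted.te and vold.te, and the new `proc_mounts` entry in the untrusted-app neverallow, may not govern the read they are meant to control. I would record the result next to the entry, e.g. `# /proc/mounts -> self/mounts; label checked with ls -Z on <device>`.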
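Review bot: The public/e2fs.te hunk deletes the `# access /proc/filesystems` comment and leaves the replacement `allow e2fs { ... }:file r_file_perms;` block undocumented, although it now names two further files. A reader auditing least privilege cannot tell from the policy why e2fs needs `proc_mounts` and `proc_swaps`. I would keep a comment above the block, e.g. `# access /proc/filesystems, /proc/mounts and /proc/swaps`, and, if the reason is the in-use check described in fsck_untrusted.te, say so (presumably it is; confirm against the tool's behaviour).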
@@ -15,6 +15,7 @@ type qtaguid_proc, fs_type, mlstrustedobject;
 type proc_bluetooth_writable, fs_type;
 type proc_asound_cards, fs_type;
 type proc_cpuinfo, fs_type;
+type proc_filesystems, fs_type;
 type proc_interrupts, fs_type;
 type proc_iomem, fs_type;
 type proc_kmsg, fs_type;
@@ -22,10 +23,12 @@ type proc_loadavg, fs_type;
 type proc_meminfo, fs_type;
 type proc_misc, fs_type;
 type proc_modules, fs_type;
+type proc_mounts, fs_type;
 type proc_net, fs_type;
 type proc_pagetypeinfo, fs_type;
 type proc_perf, fs_type;
 type proc_stat, fs_type;
+type proc_swaps, fs_type;
 type proc_sysrq, fs_type;
 type proc_timer, fs_type;
 type proc_tty_drivers, fs_type;
diff --git a/public/fsck.te b/public/fsck.te
index b682a877f0de5c1d6b7eac98fad9e3fc2e1eeb19..7cc7e8b18f94fc49650ced01a203405f63a4b5c1 100644
--- a/public/fsck.te
+++ b/public/fsck.te
@@ -30,7 +30,10 @@ allow fsck dm_device:blk_file rw_file_perms;
 # major/minor values.
 allow fsck dev_type:blk_file getattr;
-r_dir_file(fsck, proc)
+allow fsck {
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
 allow fsck rootfs:dir r_dir_perms;
 ###
diff --git a/public/fsck_untrusted.te b/public/fsck_untrusted.te
index e2aceb87b00b4abc470fb121a7502951388c5312..8510c94247754a1aa9703cc8e7bdad30cef1419d 100644
--- a/public/fsck_untrusted.te
+++ b/public/fsck_untrusted.te
@@ -12,7 +12,7 @@ allow fsck_untrusted vold:fifo_file { read write getattr };
 allow fsck_untrusted block_device:dir search;
 allow fsck_untrusted vold_device:blk_file rw_file_perms;
-r_dir_file(fsck_untrusted, proc)
+allow fsck_untrusted proc_mounts:file r_file_perms;
 # To determine if it is safe to run fsck on a filesystem, e2fsck
 # must first determine if the filesystem is mounted. To do that,
diff --git a/public/sdcardd.te b/public/sdcardd.te
index 47a2f80611516032ba54c033b6081a025a1d236d..2af64102da793516f6e82add58f40c3184b1bbfe 100644
--- a/public/sdcardd.te
+++ b/public/sdcardd.te
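Review bot: In public/fsck.te the removed `r_dir_file(fsck, proc)` granted `dir` and `lnk_file` read on `proc` as well as `file`, while the replacement block grants only the `file` class on two types; the same holds for the public/fsck_untrusted.te hunk. Directory search on /proc and reading any `proc`-labelled symlink must now come from a rule outside this diff, presumably a domain-wide one, which should be confirmed. The tightening is welcome, but I would run fsck in enforcing mode and check the audit log for `avc: denied` entries against `proc` before merging. A short comment such as `# /proc/mounts and /proc/swaps for the in-use check; generic proc access removed` would make the intent visible.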
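Review bot: The public/fsck_untrusted.te hunk grants only `proc_mounts`, whereas the fsck.te hunk in the same commit grants `proc_mounts` and `proc_swaps`, and nothing in the file says whether the difference is deliberate. If both domains run the same checker, which the e2fsck comment below the change suggests but does not prove, fsck_untrusted may now log denials on /proc/swaps. Withholding it from the untrusted domain is a reasonable least-privilege choice, so I would state it: `# /proc/swaps deliberately not granted to fsck_untrusted`, adding a `dontaudit` only if the denial turns out to be noisy.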
@@ -32,7 +32,7 @@ allow sdcardd vold:fifo_file { read write getattr };
 allow sdcardd mnt_expand_file:dir search;
 # access /proc/filesystems
-allow sdcardd proc:file r_file_perms;
+allow sdcardd proc_filesystems:file r_file_perms;
 ###
 ### neverallow rules
diff --git a/public/vold.te b/public/vold.te
index a74354afd2bbbfa3e6ed13c0c11321a5700a77ef..e86caac3f0fbcd2a691540b1168ede7539aeb4f9 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -17,7 +17,11 @@ allow vold sysfs_usb:file w_file_perms;
 allow vold sysfs_zram_uevent:file w_file_perms;
 r_dir_file(vold, rootfs)
-allow vold proc_meminfo:file r_file_perms;
+allow vold {
+ proc_filesystems
+ proc_meminfo
+ proc_mounts
+}:file r_file_perms;
 #Get file contexts
 allow vold file_contexts_file:file r_file_perms;
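Review bot: The public/vold.te hunk widens a single `proc_meminfo` allow into a three-type block with no comment, so it is not clear whether `proc_filesystems` and `proc_mounts` are new privileges for vold or replace access it already had through the generic `proc` label elsewhere in the file. vold is a highly privileged domain, so each proc file it may read deserves a stated reason. I would add a comment above the block in the file's existing style, e.g. `# Read /proc/filesystems, /proc/meminfo and /proc/mounts`, and note in the commit message which rule previously covered the two added files.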