diff --git a/private/zygote.te b/private/zygote.te
index 491f079ecd074bf048daa602867ef1a27b819ae0..d1e0f5500590594c8db650bc17373b588f5df87b 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -48,6 +48,9 @@ allow zygote resourcecache_data_file:file create_file_perms;
 # https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
 allow { zygote with_dexpreopt(`-zygote') } dalvikcache_data_file:file execute;
 
+# Allow zygote to create JIT memory.
+allow zygote self:process execmem;
+
 # Execute idmap and dex2oat within zygote's own domain.
 # TODO:  Should either of these be transitioned to the same domain
 # used by installd or stay in-domain for zygote?