diff --git a/access_vectors b/access_vectors
index 659fb3632ca12ab1245e6f11bdcd620826090777..320a1c8976880bd0a1c9374d06651fa7c0c68d30 100644
--- a/access_vectors
+++ b/access_vectors
@@ -914,6 +914,9 @@ class keystore_key
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 }
 
 class debuggerd
diff --git a/system_server.te b/system_server.te
index 0068378340acd69bbfa2e619f91084321d5688ae..438d09d580798132c64a51cf5a545911d04e22ca 100644
--- a/system_server.te
+++ b/system_server.te
@@ -381,6 +381,9 @@ allow system_server keystore:keystore_key {
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 };
 
 # Allow system server to search and write to the persistent data block device