diff --git a/private/traceur_app.te b/private/traceur_app.te
index a3c435ce535f234b7d7f0cc7f9064377f87aca98..94841df10539fbc49c3bb33be78f7c9b0b8d0642 100644
--- a/private/traceur_app.te
+++ b/private/traceur_app.te
@@ -12,4 +12,11 @@ allow traceur_app trace_data_file:file create_file_perms;
 allow traceur_app trace_data_file:dir rw_dir_perms;
 allow traceur_app atrace_exec:file rx_file_perms;
 
+# To exec the perfetto cmdline client and pass it the trace config on
+# stdint through a pipe.
+allow traceur_app perfetto_exec:file rx_file_perms;
+
+# Allow to access traced's privileged consumer socket.
+unix_socket_connect(traceur_app, traced_consumer, traced)
+
 dontaudit traceur_app debugfs_tracing_debug:file audit_access;
diff --git a/public/file.te b/public/file.te
index cb0c5434aa4b5feea85bbcc90b03e1e2639c7c21..597204a40b3b053a8915da790b531761f8369053 100644
--- a/public/file.te
+++ b/public/file.te
@@ -390,7 +390,7 @@ type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
 type tombstoned_java_trace_socket, file_type, mlstrustedobject;
 type tombstoned_intercept_socket, file_type, coredomain_socket;
 type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
-type traced_consumer_socket, file_type, coredomain_socket;
+type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
 type uncrypt_socket, file_type, coredomain_socket;
 type wpa_socket, file_type, data_file_type, core_data_file_type;
 type zygote_socket, file_type, coredomain_socket;