diff --git a/public/sgdisk.te b/public/sgdisk.te
index 7a7ba82262713f19d78500f6b280d1959629e95b..47966bd4b3f2ceb3afd991301e7b199f070cd49b 100644
--- a/public/sgdisk.te
+++ b/public/sgdisk.te
@@ -5,6 +5,16 @@ type sgdisk_exec, system_file_type, exec_type, file_type;
 # Allowed to read/write low-level partition tables
 allow sgdisk block_device:dir search;
 allow sgdisk vold_device:blk_file rw_file_perms;
+# HDIO_GETGEO needed to get the number of disk heads
+# on vold_device. How quaint.
+allowxperm sgdisk vold_device:blk_file ioctl { HDIO_GETGEO };
+# sgdisk also uses BLKGETSIZE and BLKGETSIZE64. BLKGETSIZE64
+# is granted to all block device users in domain.te, so
+# no need to mention it here. sgdisk should not be
+# using the BLKGETSIZE ioctl as it is useless for devices over
+# 2T in size, but we allow it for now and hope that sgdisk
+# will fix their bug.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKGETSIZE };
 
 # Inherit and use pty created by android_fork_execvp()
 allow sgdisk devpts:chr_file { read write ioctl getattr };
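Review bot: The BLKGETSIZE rule at the end of the added lines is described as temporary ("we allow it for now"), but nothing tracks it, so it is likely to outlive the sgdisk fix it waits on. I would put a marker directly above the rule, for example `# TODO(<BUG_ID placeholder>): remove once sgdisk only uses BLKGETSIZE64`, so that a later policy audit can find and drop it. Because the comment implies ioctls on block devices are already filtered by an allowlist in domain.te (not visible in this hunk), it is also worth confirming from `avc: denied { ioctl }` records with an `ioctlcmd=` field that HDIO_GETGEO and BLKGETSIZE are the only commands sgdisk needs on vold_device. The two `allowxperm` lines could be merged into one rule, but keeping them separate makes the temporary grant easier to revert on its own.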