diff --git a/private/system_server.te b/private/system_server.te
index 208eb73e64888058979e3c54353a598bf5f48a7d..a1c4a1f3aaedd2bb47f0915c02355241f87a675e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -661,11 +661,12 @@ allow system_server sysfs_leds:dir r_dir_perms;
 allow system_server debugfs_tracing_instances:dir search;
 allow system_server debugfs_wifi_tracing:file rw_file_perms;
 
-# allow system_server to exec shell on ASAN builds. Needed to run
+# allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run
 # asanwrapper.
 with_asan(`
   allow system_server shell_exec:file rx_file_perms;
   allow system_server asanwrapper_exec:file rx_file_perms;
+  allow system_server zygote_exec:file rx_file_perms;
 ')
 
 ###
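Review bot: The comment above the with_asan block still ends with "Needed to run asanwrapper." and does not say why system_server must now execute zygote_exec. Since `rx_file_perms` includes `execute_no_trans`, the new `allow system_server zygote_exec:file rx_file_perms;` lets app_process run inside the system_server domain with no transition, so the reason should be recorded next to the rule. If the reason is that asanwrapper launches app_process, the comment could read `# ASAN builds only: asanwrapper execs app_process (zygote_exec) in the system_server domain.` Any neverallow elsewhere in the policy that restricts `execute_no_trans` for system_server is not visible in this hunk and would presumably need the same with_asan exemption. It is also worth confirming the grant never reaches non-ASAN builds.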