diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index ccc335206cd48ad0fd61057ed36b0d6fee634c1a..078a41b14218eb898404521b9b06bf3260a323d5 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -64,3 +64,12 @@ allow update_engine_common dm_device:blk_file rw_file_perms;
 
 # read / write metadata on super device to resize partitions
 allow update_engine_common super_block_device:blk_file rw_file_perms;
+
+# ioctl on super device to get block device alignment and alignment offset
+allowxperm update_engine_common {
+    system_block_device
+    super_block_device
+}:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+# get physical block device to map logical partitions on device mapper
+allow update_engine_common block_device:dir r_dir_perms;