diff --git a/private/perfprofd.te b/private/perfprofd.te
index 4da5410321ca4db83668a4a53caca4d979ded5b0..2b4d537829f2df1545d163b5b5f0ec557471091a 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -4,5 +4,5 @@ userdebug_or_eng(`
 ')
 
 # Only servicemanager, statsd, su and systemserver can communicate.
-neverallow { domain userdebug_or_eng(`-statsd') } perfprofd:binder call;
+neverallow { domain userdebug_or_eng(`-statsd -system_server') } perfprofd:binder call;
 neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;
diff --git a/private/system_server.te b/private/system_server.te
index bdf0f24d78d25e566984b4c12a701c84f72d49c4..c5b83ecc85925d53c4d12ddd6791a1cdeaf171aa 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -180,6 +180,9 @@ binder_call(system_server, storaged)
 binder_call(system_server, vold)
 binder_call(system_server, wificond)
 binder_call(system_server, wpantund)
+userdebug_or_eng(`
+  binder_call(system_server, perfprofd)
+')
 binder_service(system_server)
 
 # Use HALs
@@ -620,6 +623,9 @@ allow system_server storaged_service:service_manager find;
 allow system_server surfaceflinger_service:service_manager find;
 allow system_server vold_service:service_manager find;
 allow system_server wificond_service:service_manager find;
+userdebug_or_eng(`
+  allow system_server perfprofd_service:service_manager find;
+')
 
 allow system_server keystore:keystore_key {
 	get_state