diff --git a/private/system_server.te b/private/system_server.te
index 7104135792201d8fe59dcaf1c0b30dbd28c68188..621385cbc0afea059eead1849e56c06aa18e9c37 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -713,6 +713,7 @@ allow system_server keystore:keystore_key {
 # protection partition. This block device does not get wiped in a factory reset.
 allow system_server block_device:dir search;
 allow system_server frp_block_device:blk_file rw_file_perms;
+allowxperm system_server frp_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
 
 # Clean up old cgroups
 allow system_server cgroup:dir { remove_name rmdir };