diff --git a/private/file_contexts b/private/file_contexts
index 4735191c5896f123acc38f0571441f7e347ebe74..6687144910a186cc5d98e2e1c7a6d8ad04a5cf37 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -249,6 +249,7 @@
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
 /system/bin/vr_wm                u:object_r:vr_wm_exec:s0
 /system/bin/hw/android\.hidl\.allocator@1\.0-service          u:object_r:hal_allocator_default_exec:s0
+/system/etc/selinux/plat_mac_permissions.xml u:object_r:mac_perms_file:s0
 /system/etc/selinux/plat_property_contexts  u:object_r:property_contexts_file:s0
 /system/etc/selinux/plat_service_contexts  u:object_r:service_contexts_file:s0
 /system/etc/selinux/plat_file_contexts  u:object_r:file_contexts_file:s0
@@ -261,6 +262,7 @@
 #
 /vendor(/.*)?		u:object_r:system_file:s0
 /vendor/etc/selinux/mapping_sepolicy.cil       u:object_r:sepolicy_file:s0
+/vendor/etc/selinux/nonplat_mac_permissions.xml u:object_r:mac_perms_file:s0
 /vendor/etc/selinux/nonplat_property_contexts   u:object_r:property_contexts_file:s0
 /vendor/etc/selinux/nonplat_service_contexts    u:object_r:service_contexts_file:s0
 /vendor/etc/selinux/nonplat_file_contexts   u:object_r:file_contexts_file:s0
diff --git a/private/system_server.te b/private/system_server.te
index 698ae8ead970f0adfb745da6d09879df5a7d5284..ddeeb1b97bd1d72f214fc5ae1f7948709d707255 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -232,6 +232,8 @@ allow system_server mediadrmserver:udp_socket rw_socket_perms;
 
 # Get file context
 allow system_server file_contexts_file:file r_file_perms;
+# access for mac_permissions
+allow system_server mac_perms_file: file r_file_perms;
 # Check SELinux permissions.
 selinux_check_access(system_server)
 
diff --git a/public/file.te b/public/file.te
index bc54c347f16ab3385bc51cb4db78435bd6d8a0da..c19005dca5f720b73dabb4894ea980a031459e53 100644
--- a/public/file.te
+++ b/public/file.te
@@ -259,6 +259,9 @@ type gps_control, file_type;
 # file_contexts files
 type file_contexts_file, file_type;
 
+# mac_permissions file
+type mac_perms_file, file_type;
+
 # property_contexts file
 type property_contexts_file, file_type;