diff --git a/public/perfprofd.te b/public/perfprofd.te
index 494e75bed50c8def2efc2d507b66e21b5cea6737..f067af5d4a9b5da0c847ef04eadb4324f9b477e8 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -82,10 +82,12 @@ userdebug_or_eng(`
 
   # simpleperf examines debugfs on startup to collect tracepoint event types
   r_dir_file(perfprofd, debugfs_tracing)
-  allow perfprofd debugfs_tracing_debug:file r_file_perms;
+  r_dir_file(perfprofd, debugfs_tracing_debug)
 
   # simpleperf is going to execute "sleep"
   allow perfprofd toolbox_exec:file rx_file_perms;
+  # simpleperf is going to execute "mv" on a temp file
+  allow perfprofd shell_exec:file rx_file_perms;
 
   # needed for simpleperf on some kernels
   allow perfprofd self:global_capability_class_set ipc_lock;