diff --git a/dumpstate.te b/dumpstate.te
index dda8a58717f6efc2939f1ed0841939bace151b03..02a967447689314d3b314f3064a6607fd7dfa232 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -181,3 +181,4 @@ allow dumpstate atrace_exec:file rx_file_perms;
 # This should be removed if sdcardfs is modified to alter the secontext for its
 # accesses to the underlying FS.
 allow dumpstate media_rw_data_file:dir getattr;
+allow dumpstate proc_interrupts:file r_file_perms;
diff --git a/file.te b/file.te
index 086f2a87c26ac2fc66da11af796a98d8f772a1cb..ee8040496ece17e059bf543e89497601b0714e4c 100644
--- a/file.te
+++ b/file.te
@@ -13,10 +13,13 @@ type usermodehelper, fs_type, sysfs_type;
 type qtaguid_proc, fs_type, mlstrustedobject;
 type proc_bluetooth_writable, fs_type;
 type proc_cpuinfo, fs_type;
+type proc_interrupts, fs_type;
 type proc_iomem, fs_type;
 type proc_meminfo, fs_type;
 type proc_net, fs_type;
+type proc_stat, fs_type;
 type proc_sysrq, fs_type;
+type proc_timer, fs_type;
 type proc_uid_cputime_showstat, fs_type;
 type proc_uid_cputime_removeuid, fs_type;
 type selinuxfs, fs_type, mlstrustedobject;
diff --git a/genfs_contexts b/genfs_contexts
index 81749fd1c89e5ca44e48e45fd90a60ca22ac4eeb..57b967cbc17ea9af05a00c9694261e1faacc4b28 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -2,11 +2,14 @@
 genfscon rootfs / u:object_r:rootfs:s0
 # proc labeling can be further refined (longest matching prefix).
 genfscon proc / u:object_r:proc:s0
+genfscon proc /interrupts u:object_r:proc_interrupts:s0
 genfscon proc /iomem u:object_r:proc_iomem:s0
 genfscon proc /meminfo u:object_r:proc_meminfo:s0
 genfscon proc /net u:object_r:proc_net:s0
 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon proc /softirqs u:object_r:proc_timer:s0
+genfscon proc /stat u:object_r:proc_stat:s0
 genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
 genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
 genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
@@ -24,6 +27,8 @@ genfscon proc /sys/net u:object_r:proc_net:s0
 genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
 genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
 genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
+genfscon proc /timer_list u:object_r:proc_timer:s0
+genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
 
diff --git a/init.te b/init.te
index b5c7d511d2e64210d6730518d4bad7eeff187462..f6e6efb64c7c9f26414aa8d2078fac0d04f7c0ab 100644
--- a/init.te
+++ b/init.te
@@ -198,6 +198,9 @@ allow init self:capability net_admin;
 # Write to /proc/sysrq-trigger.
 allow init proc_sysrq:file w_file_perms;
 
+# Read /proc/stat for bootchart.
+allow init proc_stat:file r_file_perms;
+
 # Reboot.
 allow init self:capability sys_boot;
 
diff --git a/shell.te b/shell.te
index 3e3972ad9d1ca35d3dc2526bdff5a0ecccf4f1fb..006313e24535a0c29b8ed5a4b73e7684632f3a1b 100644
--- a/shell.te
+++ b/shell.te
@@ -96,7 +96,10 @@ allow shell { service_manager_type -gatekeeper_service -netd_service }:service_m
 # allow shell to look through /proc/ for ps, top, netstat
 r_dir_file(shell, proc)
 r_dir_file(shell, proc_net)
+allow shell proc_interrupts:file r_file_perms;
 allow shell proc_meminfo:file r_file_perms;
+allow shell proc_stat:file r_file_perms;
+allow shell proc_timer:file r_file_perms;
 r_dir_file(shell, cgroup)
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };
diff --git a/system_server.te b/system_server.te
index 7a8930e38667f5495730f2476f6bc93061ecca60..5d544423313f4f85715d031637244800143df58a 100644
--- a/system_server.te
+++ b/system_server.te
@@ -113,6 +113,9 @@ allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
 # Write to /proc/sysrq-trigger.
 allow system_server proc_sysrq:file rw_file_perms;
 
+# Read /proc/stat for CPU usage statistics
+allow system_server proc_stat:file r_file_perms;
+
 # Read /sys/kernel/debug/wakeup_sources.
 allow system_server debugfs:file r_file_perms;