diff --git a/domain.te b/domain.te
index bed4e67f6b0653b2f0c0b76055462988344bac67..1ac33f1a46b52327036acba016b9c3d531d8506f 100644
--- a/domain.te
+++ b/domain.te
@@ -110,6 +110,8 @@ r_dir_file(domain, zoneinfo_data_file)
 # Lots of processes access current CPU information
 r_dir_file(domain, sysfs_devices_system_cpu)
 
+r_dir_file(domain, sysfs_usb);
+
 # files under /data.
 allow domain system_data_file:dir { search getattr };
 allow domain system_data_file:lnk_file read;
diff --git a/file.te b/file.te
index 651078b88ebd8ba2db2539d7b27ea51eedab465c..84af4a7194f9b1ff9b61d76f08bcdea35a123bcc 100644
--- a/file.te
+++ b/file.te
@@ -30,6 +30,7 @@ type sysfs_hwrandom, fs_type, sysfs_type;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_wake_lock, fs_type, sysfs_type;
 type sysfs_mac_address, fs_type, sysfs_type;
+type sysfs_usb, sysfs_type, file_type, mlstrustedobject;
 type configfs, fs_type;
 # /sys/devices/system/cpu
 type sysfs_devices_system_cpu, fs_type, sysfs_type;