diff --git a/fsck.te b/fsck.te
index 57664770b184a6254ed4f2f58f61cc7f1414bd57..d25517532922a4dcf6d3c2b40a9766a91b49ad80 100644
--- a/fsck.te
+++ b/fsck.te
@@ -10,7 +10,7 @@ init_daemon_domain(fsck)
 allow fsck tmpfs:chr_file { read write ioctl };
 
 # Inherit and use pty created by android_fork_execvp_ext().
-allow fsck devpts:chr_file { read write };
+allow fsck devpts:chr_file { read write ioctl };
 
 # Run e2fsck on block devices.
 # TODO:  Assign userdata and cache block device types to the corresponding
diff --git a/vold.te b/vold.te
index 620089602fda72762bc08d77f810db3cd8884eb4..ef3924b34b7274eeb4cfbb40b76ce3c6109ccddb 100644
--- a/vold.te
+++ b/vold.te
@@ -38,6 +38,9 @@ allow vold sysfs:file rw_file_perms;
 
 write_klog(vold)
 
+# Run fsck.
+allow vold fsck_exec:file rx_file_perms;
+
 # Log fsck results
 allow vold fscklogs:dir rw_dir_perms;
 allow vold fscklogs:file create_file_perms;