diff --git a/domain.te b/domain.te
index 105072556c73a10900abe5c47d172de89ef27cde..f1b0d58b3a74038dd04b50ef5a3e781820e4cf66 100644
--- a/domain.te
+++ b/domain.te
@@ -84,12 +84,13 @@ allow domain vold:key search;
 write_logd(domain)
 
 # System file accesses.
-allow domain system_file:dir search;
+allow domain system_file:dir { search getattr };
 allow domain system_file:file { execute read open getattr };
 allow domain system_file:lnk_file read;
 
 # files under /data.
 allow domain system_data_file:dir { search getattr };
+allow domain system_data_file:lnk_file read;
 
 # required by the dynamic linker
 allow domain proc:lnk_file read;