diff --git a/private/app.te b/private/app.te
index f3e1e2a09c3f1600e5f956ff7b5434e4928c71ff..d739239cc53eeb2fb40644ad75ba430f560de95a 100644
--- a/private/app.te
+++ b/private/app.te
@@ -2,6 +2,10 @@
 # Read system properties managed by zygote.
 allow appdomain zygote_tmpfs:file read;
 
+# Read from (but not create) system_server buffers transferred through
+# ashmem, e.g. battery stats.
+allow appdomain system_server_tmpfs:file read;
+
 neverallow appdomain system_server:udp_socket {
         accept append bind create ioctl listen lock name_bind
         relabelfrom relabelto setattr shutdown };