diff --git a/domain.te b/domain.te
index d25e1f42582a16d649b745ae729ce27ed1a6dc66..5f918677ea532a19ab33af93711fb82412a03d50 100644
--- a/domain.te
+++ b/domain.te
@@ -127,6 +127,10 @@ allow domain debugfs:dir search;
 allow domain debugfs_tracing:dir search;
 allow domain debugfs_trace_marker:file w_file_perms;
 
+# Filesystem access.
+allow domain fs_type:filesystem getattr;
+allow domain fs_type:dir getattr;
+
 ###
 ### neverallow rules
 ###
diff --git a/domain_deprecated.te b/domain_deprecated.te
index 7be9a3e8c7f9d874cf2792ceea282ee30917fc3a..0db79da54a982c4b868d8e7dfe877b4ccfaea811 100644
--- a/domain_deprecated.te
+++ b/domain_deprecated.te
@@ -25,10 +25,6 @@ allow domain_deprecated rootfs:lnk_file r_file_perms;
 # Device accesses.
 allow domain_deprecated device:file read;
 
-# Filesystem accesses.
-allow domain_deprecated fs_type:filesystem getattr;
-allow domain_deprecated fs_type:dir getattr;
-
 # System file accesses.
 allow domain_deprecated system_file:dir r_dir_perms;
 allow domain_deprecated system_file:file r_file_perms;