diff --git a/private/system_server.te b/private/system_server.te
index c10a617ef7ccfb6aaf68d8fb3d159d423adc1ba4..1d1b92be92b6e0db6262284f78a8dee4494e0475 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -720,6 +720,13 @@ with_asan(`
   allow system_server zygote_exec:file rx_file_perms;
 ')
 
+# ART Profiles.
+# Allow system_server to open profile snapshots for read.
+# System server never reads the actual content. It passes the descriptor to
+# to privileged apps which acquire the permissions to inspect the profiles.
+allow system_server user_profile_data_file:dir { search };
+allow system_server user_profile_data_file:file { open read };
+
 ###
 ### Neverallow rules
 ###