diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 4be640118c295146f0759733d7e33fee6b385a67..63f56c876ba516623db5277849d4e9f2565c656e 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -17,6 +17,7 @@ allow mediaprovider cache_file:lnk_file r_file_perms;
 
 allow mediaprovider app_api_service:service_manager find;
 allow mediaprovider audioserver_service:service_manager find;
+allow mediaprovider drmserver_service:service_manager find;
 allow mediaprovider mediaserver_service:service_manager find;
 allow mediaprovider surfaceflinger_service:service_manager find;
 
diff --git a/public/kernel.te b/public/kernel.te
index 8a010a2aa6087b806b013242ae4c1f4c43be4957..7f5d2244319d4ff13633572846ce9667745127e9 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -53,6 +53,9 @@ allow kernel self:security setcheckreqprot;
 # kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
 allow kernel sdcard_type:file { read write };
 
+# f_mtp driver accesses files from kernel context.
+allow kernel mediaprovider:fd use;
+
 # Allow the kernel to read OBB files from app directories. (b/17428116)
 # Kernel thread "loop0" reads a vold supplied file descriptor.
 # Fixes CTS tests: