diff --git a/isolated_app.te b/isolated_app.te
index 77f14d323e7306e7ea4f5f86c3ef388439a79741..1b33484c5ea9da3d3f984ff0235fe6a1e9d4d2d3 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -21,3 +21,9 @@ r_dir_file(appdomain, isolated_app)
 # Chrome works, may need to be updated as more apps using isolated services
 # are examined.
 allow isolated_app appdomain:unix_stream_socket { read write };
+
+allow isolated_app dalvikcache_data_file:file execute;
+allow isolated_app apk_data_file:dir getattr;
+
+allow isolated_app init:unix_stream_socket { read write getattr getopt };
+allow isolated_app init_tmpfs:file read;
diff --git a/kernel.te b/kernel.te
index 023e45790c12fed62b961620a3f8f63131641e47..e313587b868472361b6470d46bb571fa7f957ce1 100644
--- a/kernel.te
+++ b/kernel.te
@@ -6,3 +6,4 @@ unconfined_domain(kernel)
 relabelto_domain(kernel)
 allow kernel {fs_type dev_type file_type}:dir_file_class_set relabelto;
+allow kernel unlabeled:filesystem mount;
diff --git a/system.te b/system.te
index 24d4a676b0b6dc16730a2bfd516d2dc915ef3f6f..b096b68b8b1b1e1853c8b400ebcec607d83b5d6a 100644
--- a/system.te
+++ b/system.te
@@ -14,5 +14,10 @@ allow system self:zygote { specifyids specifyrlimits specifyseinfo };
 allow system backup_data_file:dir relabelto;
 allow system cache_backup_file:dir relabelto;
+allow system anr_data_file:dir relabelto;
+allow system system_data_file:dir relabelto;
 allow system apk_data_file:file relabelto;
 allow system apk_tmp_file:file relabelto;
+allow system cache_backup_file:file relabelto;
+allow system apk_private_tmp_file:file relabelto;
+allow system wallpaper_file:file relabelto;
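Review bot: The last two rules in the isolated_app.te hunk give `isolated_app` `read write getattr getopt` on `init:unix_stream_socket` and `read` on `init_tmpfs:file`, and nothing in the hunk says which descriptors they cover or why an isolated service needs them. If these are descriptors inherited at process creation rather than something the service uses (an inference, not visible here), a `dontaudit` rule would silence the denial without widening the sandbox towards init. The `dalvikcache_data_file:file execute` rule also makes the integrity of code run in this domain depend on which domains may write that type, so that is worth confirming. Each rule should carry a rationale in the style of the existing socket comment, e.g. `# <which fd or file, who provides it, why isolated services need it>`. The kernel.te and system.te hunks have the same gap.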
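Review bot: `allow kernel unlabeled:filesystem mount;` in the kernel.te hunk lets a filesystem with no assigned label be mounted. That usually indicates a missing labeling statement for the filesystem type rather than a permission the kernel domain needs. If the filesystem behind the denial is known, giving it a type (for example via a `genfscon` or `fs_use_*` entry) and allowing `mount` on that type keeps `unlabeled` from becoming a catch-all target. If the rule stays, add a comment such as `# <filesystem name>: mounted before a label is assigned, see <reference>` so that it can be removed once the labeling is fixed.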
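Review bot: In the system.te hunk, `allow system system_data_file:dir relabelto;` is wider than the neighbouring rules, because `system_data_file` appears to be the generic data type rather than a purpose-specific one. It lets the system domain relabel any directory it also holds `relabelfrom` on back to that generic label, which could drop a more specific type's protection. It is worth confirming which directories are actually relabeled and whether a narrower target type would do. The hunk adds five `relabelto` rules with no explanation, so a comment above them, e.g. `# relabel of <paths> by <system server component>`, would let a later reader tell needed rules from accumulated denials. The rule list starts above the hunk.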