diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index 7246b7f8b2eac6703d6da6f33e1f26afd3767e87..234588a2e768ebc56645b416c87271709cc16235 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -564,7 +564,7 @@
 (typeattributeset surfaceflinger_26_0 (surfaceflinger))
 (typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
 (typeattributeset swap_block_device_26_0 (swap_block_device))
-(typeattributeset sysfs_26_0 (sysfs))
+(typeattributeset sysfs_26_0 (sysfs sysfs_dm))
 (typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
 (typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
 (typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 6a95ffbdb9d9974462812809fb2367786aaa4386..563da5d5c73a20c8d086c6fa072fe47eb29ba947 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -62,6 +62,7 @@ genfscon sysfs / u:object_r:sysfs:s0
 genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
 genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
 genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
+genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
 genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
 genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
diff --git a/public/file.te b/public/file.te
index bcd2fdda9a9cab25a0bc42ef3b7252c64de4773f..d79fb6044295d0564f14be03fdccf2b77ae3362e 100644
--- a/public/file.te
+++ b/public/file.te
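Review bot: The new `genfscon sysfs /devices/virtual/block/dm-` entry in private/genfs_contexts has no comment saying that genfscon matches by path prefix, so it relabels the whole sysfs subtree of every device-mapper node (dm-0, dm-1, …), not only the system/vendor mappings update_verifier looks for. Any domain that reached these nodes only through rules on the generic `sysfs` type loses that access after the relabel; this commit adds replacement rules for update_verifier and vold only, so other platform domains are worth checking for new denials. The 26.0.cil hunk keeps vendor policy working by adding sysfs_dm to `sysfs_26_0`, which also means the new label does not narrow vendor access. I would add a line above the entry such as `# Prefix match: covers every /sys/devices/virtual/block/dm-N subtree.`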
@@ -47,6 +47,7 @@ type sysfs, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_uio, sysfs_type, fs_type;
 type sysfs_batteryinfo, fs_type, sysfs_type;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_dm, fs_type, sysfs_type;
 type sysfs_leds, fs_type, sysfs_type;
 type sysfs_hwrandom, fs_type, sysfs_type;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
diff --git a/public/update_verifier.te b/public/update_verifier.te
index 6bba17b76a71bd0964ff22c0ed6bf631056ae6bb..5d20eca8225ea9e5e52395deaffb8d0ccfdd3ffe 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te
@@ -9,7 +9,16 @@ allow update_verifier block_device:dir search;
 allow update_verifier ota_package_file:dir r_dir_perms;
 allow update_verifier ota_package_file:file r_file_perms;
-# Read all blocks in dm wrapped system partition.
+# Read /sys/block to find all the DM directories like (/sys/block/dm-X).
+allow update_verifier sysfs:dir r_dir_perms;
+
+# Read /sys/block/dm-X/dm/name (which is a symlink to
+# /sys/devices/virtual/block/dm-X/dm/name) to identify the mapping between
+# dm-X and system/vendor partitions.
+allow update_verifier sysfs_dm:dir r_dir_perms;
+allow update_verifier sysfs_dm:file r_file_perms;
+
+# Read all blocks in DM wrapped system partition.
 allow update_verifier dm_device:blk_file r_file_perms;
 # Write to kernel message.
diff --git a/public/vold.te b/public/vold.te
index a569f9ebd0b4dc9778aba432864b77ff6c29da1a..71932dfc72f051f44d083abb8eafed2172903c06 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -12,6 +12,7 @@ r_dir_file(vold, proc_net)
 r_dir_file(vold, sysfs_type)
 # XXX Label sysfs files with a specific type?
 allow vold sysfs:file w_file_perms;
+allow vold sysfs_dm:file w_file_perms;
 allow vold sysfs_usb:file w_file_perms;
 allow vold sysfs_zram_uevent:file w_file_perms;
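Review bot: `type sysfs_dm, fs_type, sysfs_type;` in public/file.te is declared without a comment and without `mlstrustedobject`, which the generic `sysfs` type shown in the hunk header carries and which these nodes therefore had before the relabel. That may be a deliberate tightening, but it should be stated, since the MLS exemption no longer applies to the dm sysfs nodes. A one-line comment above the declaration such as `# sysfs nodes of device-mapper block devices (/sys/devices/virtual/block/dm-*)` would record the scope, with a second line noting that the MLS exemption is intentionally dropped if that is the intent.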
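Review bot: In public/update_verifier.te the comment says only `dm/name` is read, but `allow update_verifier sysfs_dm:file r_file_perms;` grants read on every attribute of every dm device, because the genfs label added in this commit covers the whole dm-N subtree. The access is read-only, so the exposure is limited, but the comment should say the grant is wider than the stated need, e.g. `# sysfs_dm labels all of dm-X; only dm/name is actually read.` The comment also describes the /sys/block path as a symlink, and the hunk adds no `sysfs:lnk_file` rule; presumably a domain-wide rule outside this hunk already allows following it, which is worth confirming against denial logs.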
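Review bot: `allow vold sysfs_dm:file w_file_perms;` in public/vold.te carries no rationale, and it gives vold write access to every file under every dm-N sysfs directory. It presumably preserves the write access vold already had while these nodes were labelled `sysfs`, but that is not visible here, and the existing `# XXX Label sysfs files with a specific type?` comment above suggests the broad grants were meant to be narrowed. I would add `# vold writes dm-* sysfs attributes; previously covered by the sysfs rule above.`, naming the concrete attribute if it is known. The rule list continues past the end of the hunk.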