diff --git a/private/system_server.te b/private/system_server.te
index 65fb7dec5c2fcb228290db57a8c9daf7ae4ec980..2102391ce229ca1c997f6802315e0b054d53875e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -727,7 +727,7 @@ with_asan(`
 # System server never reads the actual content. It passes the descriptor to
 # to privileged apps which acquire the permissions to inspect the profiles.
 allow system_server user_profile_data_file:dir { search };
-allow system_server user_profile_data_file:file { open read };
+allow system_server user_profile_data_file:file { getattr open read };
 
 ###
 ### Neverallow rules