diff --git a/public/file.te b/public/file.te
index 72f22feea5765ebbbab976bd262c0b5cd23eeb11..bcdc4612b46f032120565a95263948a36d24e999 100644
--- a/public/file.te
+++ b/public/file.te
@@ -324,6 +324,7 @@ type vndservice_contexts_file, file_type;
 
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;
+allow cgroup tmpfs:filesystem associate;
 allow sysfs_type sysfs:filesystem associate;
 allow debugfs_type { debugfs debugfs_tracing }:filesystem associate;
 allow file_type labeledfs:filesystem associate;
diff --git a/public/lmkd.te b/public/lmkd.te
index f4e6c2d57091273592e66cabbcfa5f51bac20b32..208720ca61b0d8d0b91eb909dd3e2eaaf8115c34 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -27,6 +27,9 @@ allow lmkd appdomain:process sigkill;
 # Clean up old cgroups
 allow lmkd cgroup:dir { remove_name rmdir };
 
+# Allow to read memcg stats
+allow lmkd cgroup:file r_file_perms;
+
 # Set self to SCHED_FIFO
 allow lmkd self:capability sys_nice;
 
diff --git a/public/mediametrics.te b/public/mediametrics.te
index 4c10d878cdc5b610ec88b311bd58b58db4d3c06a..ada90cca3a1651949033e3d2d658d81712a8fb81 100644
--- a/public/mediametrics.te
+++ b/public/mediametrics.te
@@ -17,6 +17,9 @@ allow mediametrics proc_meminfo:file r_file_perms;
 # allows interactions with dumpsys to GMScore
 allow mediametrics app_data_file:file write;
 
+# allow access to package manager for uid->apk mapping
+allow mediametrics package_native_service:service_manager find;
+
 ###
 ### neverallow rules
 ###