diff --git a/app.te b/app.te
index 48aebbf0a00cf09661cff0e2bb99063367a4c02c..7364d24513c09bd29c187530c065a1dd10ae51f9 100644
--- a/app.te
+++ b/app.te
@@ -219,6 +219,10 @@ allow appdomain runas_exec:file getattr;
 selinux_check_access(appdomain)
 selinux_check_context(appdomain)
 
+# appdomain should not be accessing information on /sys
+auditallow appdomain sysfs:dir { open getattr read ioctl };
+auditallow appdomain sysfs:file r_file_perms;
+
 ###
 ### Neverallow rules
 ###
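Review bot: The comment above the two added `auditallow` lines reads as a restriction, but `auditallow` only logs accesses that other rules already grant, so apps keep their current /sys access after this change. I would word it to say so, e.g. `# Audit-only: log granted appdomain reads of sysfs so the allow rules can be narrowed later; this does not deny anything.` Both rules name the type `sysfs` only, so nodes under /sys that carry a more specific label would presumably not show up in the audit log; if the goal is a full inventory of app reads, confirm whether the `sysfs_type` attribute is the intended target. The dir permission set leaves out `search`, which looks deliberate to keep path traversal out of the log, and a short note in the comment would make that explicit.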