diff --git a/domain.te b/domain.te
index 704c9a22bc38d3f1b2e865e861a4757510f846e2..596cd428e0c1a5cb6f01d38fa941a0f6132ff9be 100644
--- a/domain.te
+++ b/domain.te
@@ -113,3 +113,7 @@ allow domain debugfs:file rw_file_perms;
 dontaudit domain debugfs:dir r_dir_perms;
 dontaudit domain debugfs:file  rw_file_perms;
 }
+
+# security files
+allow domain security_file:dir { search getattr };
+allow domain security_file:file getattr;