diff --git a/app.te b/app.te
index f42dbb4ec895449db91b1a4980494511656dad1d..5fbe01ea83e458bc57c7fe6ef990df4bbd93cd00 100644
--- a/app.te
+++ b/app.te
@@ -207,6 +207,8 @@ allow appdomain console_device:chr_file { read write };
 # only allow unprivileged socket ioctl commands
 allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket } ioctl unpriv_sock_ioctls;
 
+allow { appdomain -isolated_app } ion_device:chr_file rw_file_perms;
+
 ###
 ### CTS-specific rules
 ###
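Review bot: The added `ion_device:chr_file rw_file_perms` rule gives every app domain except isolated_app the full ioctl surface of the ION driver. As far as I know, `rw_file_perms` expands to include `open` and `ioctl`, and unlike the socket rule directly above it, no `allowxperm` allowlist narrows the commands. Because ION is driven almost entirely through ioctls, including vendor-defined ones, untrusted apps could reach whatever the kernel driver implements. Consider pairing the allow with an allowlist such as `allowxperm { appdomain -isolated_app } ion_device:chr_file ioctl <ION_IOCTL_ALLOWLIST_PLACEHOLDER>;`. The rule also sits under the "only allow unprivileged socket ioctl commands" comment, so it needs its own comment, e.g. `# ION buffer allocation for apps; isolated_app is excluded on purpose and has no direct access to the device node`.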
diff --git a/domain.te b/domain.te
index 5f918677ea532a19ab33af93711fb82412a03d50..8dab77f2b88dea77161ae1dee3393ead2b50a3e2 100644
--- a/domain.te
+++ b/domain.te
@@ -23,6 +23,7 @@ allow domain self:process {
 };
 allow domain self:fd use;
 allow domain proc:dir search;
+allow domain proc_net:dir search;
 allow domain self:dir r_dir_perms;
 allow domain self:lnk_file r_file_perms;
 allow domain self:{ fifo_file file } rw_file_perms;
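Review bot: `allow domain proc_net:dir search;` is granted on the `domain` attribute, so it widens the baseline for every process on the system, including the most tightly sandboxed domains, and nothing in the hunk says which denial motivated it. `search` alone only permits traversal, so file contents under the proc_net label stay gated by separate `proc_net:file` rules. The broad grant is only justified if nearly all domains need it; otherwise scoping it to the domains that already hold `proc_net:file` access keeps the common policy tighter. If it stays on `domain`, add a comment such as `# Traversal only; reading files under proc_net still requires a per-domain proc_net:file rule.`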