diff --git a/private/system_server.te b/private/system_server.te
index eff8e8f31f9c6bc574601770061f5d0dd2ef1cb1..df241047dd94e48efd3a6e80e13a179f5955abfb 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -725,6 +725,11 @@ with_asan(`
   allow system_server zygote_exec:file rx_file_perms;
 ')
 
+# allow system_server to read the eBPF maps that stores the traffic stats information amd clean up
+# the map after snapshot is recorded
+allow system_server fs_bpf:file write;
+allow system_server netd:bpf { map_read map_write };
+
 # ART Profiles.
 # Allow system_server to open profile snapshots for read.
 # System server never reads the actual content. It passes the descriptor to