diff --git a/private/file.te b/private/file.te
index 0dcf25461e61b88b1bc83cff2136d18726727036..fda972b48f11e374048e78ade629a76df82db556 100644
--- a/private/file.te
+++ b/private/file.te
@@ -1,5 +1,5 @@
 # /proc/config.gz
-type config_gz, fs_type;
+type config_gz, fs_type, proc_type;
 
 # /data/misc/stats-data, /data/misc/stats-service
 type stats_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/attributes b/public/attributes
index 0aec64561e504c93bf8756e53aa5ca400b7c862b..50001e1eec79d2079376a8046fa7c28e05a89a14 100644
--- a/public/attributes
+++ b/public/attributes
@@ -36,7 +36,10 @@ expandattribute core_data_file_type false;
 # All types in /vendor
 attribute vendor_file_type;
 
-# All types use for sysfs files.
+# All types used for procfs files.
+attribute proc_type;
+
+# All types used for sysfs files.
 attribute sysfs_type;
 
 # All types use for debugfs files.
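Review bot: The comment on the new `attribute proc_type;` does not say that membership is what the policy's procfs restrictions key off, so a procfs type declared without it (for example in device policy, which is not visible here) is silently outside the new neverallow in public/domain.te. I would spell that out: `# All types used for procfs files. Every type that labels a /proc node must carry this attribute; rules written against proc_type do not cover untagged types.` Nothing in this diff checks that tagging is complete, so a build-time check for it would be worth considering. The same "use for" typo fixed on the sysfs comment is still present on the debugfs comment just below.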
diff --git a/public/domain.te b/public/domain.te
index 869d94e8cddfa9cf48b4b89c12181fa22714d0ed..f602d088472962ae823401c02e2af658cfa91a9e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1319,3 +1319,14 @@ neverallow {
   -zygote
 } self:capability dac_override;
 neverallow domain self:capability dac_read_search;
+
+# If an already existing file is opened with O_CREATE, the kernel might generate
+# a false report of a create denial. Silence these denials and make sure that
+# inappropriate permissions are not granted.
+neverallow domain {
+  proc_type
+  sysfs_type
+}:dir { add_name create link remove_name rename reparent rmdir write };
+
+dontaudit domain proc_type:dir write;
+dontaudit domain sysfs_type:dir write;
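Review bot: The two `dontaudit` rules at the end of this hunk suppress every `write` denial on proc_type and sysfs_type directories for all domains, not only the spurious ones from opening an existing file with the create flag. A process that really tries to write into these directories therefore leaves no audit record. The comment should state that trade-off and spell the flag `O_CREAT`, e.g. `# The dontaudit rules below also hide genuine write attempts on these dirs; the neverallow ensures no allow rule can grant them.` If that audit signal matters for detection, narrowing the source from `domain` to the domains that actually trigger the false report would keep it for everything else.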
diff --git a/public/file.te b/public/file.te
index c6b4ba86c106991f7510ebcb54e793b1f5f0dcfd..9301d8901190dae8bd1d0d231fc07bd2883f1bfd 100644
--- a/public/file.te
+++ b/public/file.te
@@ -3,65 +3,65 @@ type labeledfs, fs_type;
 type pipefs, fs_type;
 type sockfs, fs_type;
 type rootfs, fs_type;
-type proc, fs_type;
+type proc, fs_type, proc_type;
 # Security-sensitive proc nodes that should not be writable to most.
-type proc_security, fs_type;
-type proc_drop_caches, fs_type;
-type proc_overcommit_memory, fs_type;
-type proc_min_free_order_shift, fs_type;
+type proc_security, fs_type, proc_type;
+type proc_drop_caches, fs_type, proc_type;
+type proc_overcommit_memory, fs_type, proc_type;
+type proc_min_free_order_shift, fs_type, proc_type;
 # proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
-type usermodehelper, fs_type;
+type usermodehelper, fs_type, proc_type;
 type sysfs_usermodehelper, fs_type, sysfs_type;
-type qtaguid_proc, fs_type, mlstrustedobject;
-type proc_qtaguid_stat, fs_type, mlstrustedobject;
-type proc_bluetooth_writable, fs_type;
-type proc_abi, fs_type;
-type proc_asound, fs_type;
-type proc_buddyinfo, fs_type;
-type proc_cmdline, fs_type;
-type proc_cpuinfo, fs_type;
-type proc_dirty, fs_type;
-type proc_diskstats, fs_type;
-type proc_extra_free_kbytes, fs_type;
-type proc_filesystems, fs_type;
-type proc_hostname, fs_type;
-type proc_hung_task, fs_type;
-type proc_interrupts, fs_type;
-type proc_iomem, fs_type;
-type proc_kmsg, fs_type;
-type proc_loadavg, fs_type;
-type proc_max_map_count, fs_type;
-type proc_meminfo, fs_type;
-type proc_misc, fs_type;
-type proc_modules, fs_type;
-type proc_mounts, fs_type;
-type proc_net, fs_type;
-type proc_page_cluster, fs_type;
-type proc_pagetypeinfo, fs_type;
-type proc_panic, fs_type;
-type proc_perf, fs_type;
-type proc_pid_max, fs_type;
-type proc_pipe_conf, fs_type;
-type proc_random, fs_type;
-type proc_sched, fs_type;
-type proc_stat, fs_type;
-type proc_swaps, fs_type;
-type proc_sysrq, fs_type;
-type proc_timer, fs_type;
-type proc_tty_drivers, fs_type;
-type proc_uid_cputime_showstat, fs_type;
-type proc_uid_cputime_removeuid, fs_type;
-type proc_uid_io_stats, fs_type;
-type proc_uid_procstat_set, fs_type;
-type proc_uid_time_in_state, fs_type;
-type proc_uid_concurrent_active_time, fs_type;
-type proc_uid_concurrent_policy_time, fs_type;
-type proc_uid_cpupower, fs_type;
-type proc_uptime, fs_type;
-type proc_version, fs_type;
-type proc_vmallocinfo, fs_type;
-type proc_vmstat, fs_type;
-type proc_zoneinfo, fs_type;
+type qtaguid_proc, fs_type, mlstrustedobject, proc_type;
+type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
+type proc_bluetooth_writable, fs_type, proc_type;
+type proc_abi, fs_type, proc_type;
+type proc_asound, fs_type, proc_type;
+type proc_buddyinfo, fs_type, proc_type;
+type proc_cmdline, fs_type, proc_type;
+type proc_cpuinfo, fs_type, proc_type;
+type proc_dirty, fs_type, proc_type;
+type proc_diskstats, fs_type, proc_type;
+type proc_extra_free_kbytes, fs_type, proc_type;
+type proc_filesystems, fs_type, proc_type;
+type proc_hostname, fs_type, proc_type;
+type proc_hung_task, fs_type, proc_type;
+type proc_interrupts, fs_type, proc_type;
+type proc_iomem, fs_type, proc_type;
+type proc_kmsg, fs_type, proc_type;
+type proc_loadavg, fs_type, proc_type;
+type proc_max_map_count, fs_type, proc_type;
+type proc_meminfo, fs_type, proc_type;
+type proc_misc, fs_type, proc_type;
+type proc_modules, fs_type, proc_type;
+type proc_mounts, fs_type, proc_type;
+type proc_net, fs_type, proc_type;
+type proc_page_cluster, fs_type, proc_type;
+type proc_pagetypeinfo, fs_type, proc_type;
+type proc_panic, fs_type, proc_type;
+type proc_perf, fs_type, proc_type;
+type proc_pid_max, fs_type, proc_type;
+type proc_pipe_conf, fs_type, proc_type;
+type proc_random, fs_type, proc_type;
+type proc_sched, fs_type, proc_type;
+type proc_stat, fs_type, proc_type;
+type proc_swaps, fs_type, proc_type;
+type proc_sysrq, fs_type, proc_type;
+type proc_timer, fs_type, proc_type;
+type proc_tty_drivers, fs_type, proc_type;
+type proc_uid_cputime_showstat, fs_type, proc_type;
+type proc_uid_cputime_removeuid, fs_type, proc_type;
+type proc_uid_io_stats, fs_type, proc_type;
+type proc_uid_procstat_set, fs_type, proc_type;
+type proc_uid_time_in_state, fs_type, proc_type;
+type proc_uid_concurrent_active_time, fs_type, proc_type;
+type proc_uid_concurrent_policy_time, fs_type, proc_type;
+type proc_uid_cpupower, fs_type, proc_type;
+type proc_uptime, fs_type, proc_type;
+type proc_version, fs_type, proc_type;
+type proc_vmallocinfo, fs_type, proc_type;
+type proc_vmstat, fs_type, proc_type;
+type proc_zoneinfo, fs_type, proc_type;
 type selinuxfs, fs_type, mlstrustedobject;
 type cgroup, fs_type, mlstrustedobject;
 type cgroup_bpf, fs_type;
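Review bot: The comment above `usermodehelper` still describes it as covering "proc, sysfs, or other nodes", but the new line tags it `proc_type` only, so the proc_type neverallow and dontaudit now apply to whatever it labels. If the type is used solely for procfs nodes (sysfs has its own `sysfs_usermodehelper` on the next line), the comment should say so, e.g. `# procfs nodes that permit configuration of kernel usermodehelpers.` If it can label nodes outside procfs, the attribute is wrong for those. Where the type is assigned is not visible in this diff.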
@@ -83,10 +83,10 @@ type sysfs_net, fs_type, sysfs_type;
 type sysfs_power, fs_type, sysfs_type;
 type sysfs_rtc, fs_type, sysfs_type;
 type sysfs_switch, fs_type, sysfs_type;
-type sysfs_usb, sysfs_type, file_type, mlstrustedobject;
+type sysfs_usb, fs_type, sysfs_type;
 type sysfs_wakeup_reasons, fs_type, sysfs_type;
 type sysfs_fs_ext4_features, sysfs_type, fs_type;
-type fs_bpf, fs_type, sysfs_type;
+type fs_bpf, fs_type;
 type configfs, fs_type;
 # /sys/devices/system/cpu
 type sysfs_devices_system_cpu, fs_type, sysfs_type;
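Review bot: Two attribute removals in this hunk carry no comment, although they change more than attribute bookkeeping. `sysfs_usb` loses `file_type` and `mlstrustedobject`, and `fs_bpf` loses `sysfs_type`. Dropping `mlstrustedobject` means access to `sysfs_usb` is no longer exempt from MLS constraints, so any domain that relied on that exemption will start being denied; that is worth checking against the allow rules outside this diff. The `fs_bpf` change presumably keeps that type out of the new `sysfs_type:dir` neverallow, and a one-line comment would stop someone re-adding the attribute, e.g. `# fs_bpf is not sysfs; it must not carry sysfs_type or the sysfs_type:dir neverallow in domain.te applies to it.`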