diff --git a/private/domain.te b/private/domain.te
index 093e3026fadb94191ac7db3ea9dcc9161318fd3b..aa4305862e602b18af45781f3267931d6517c275 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -83,6 +83,7 @@ full_treble_only(`
     -charger
     -dumpstate
     -healthd
+    userdebug_or_eng(`-incidentd')
     -init
     -logd
     -logpersist
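Review bot: The new `-incidentd` exemption has no comment saying why incidentd is carved out of this neverallow. The neverallow's opening line and target class are outside the hunk, so a reader of domain.te cannot tell what the exception permits. It presumably pairs with the pstorefs read access added in private/incidentd.te for LAST_KMSG. A line above the entry such as `# incidentd: LAST_KMSG (section 2007), userdebug/eng only` would keep the exception auditable.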
diff --git a/private/incident_helper.te b/private/incident_helper.te
index e9bb511805ed8a8e149d66e6375d175ed519f018..e1e3fc826b3af9d72378e6cbefb8b8d276790dda 100644
--- a/private/incident_helper.te
+++ b/private/incident_helper.te
@@ -8,6 +8,7 @@ domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
 # use pipe to transmit data from/to incidentd/incident_helper for parsing
 allow incident_helper { shell incident incidentd }:fd use;
 allow incident_helper { shell incident incidentd }:fifo_file { getattr read write };
+allow incident_helper incidentd:unix_stream_socket { read write };
 
 # only allow incidentd and shell to call incident_helper
 neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
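Review bot: The added `incidentd:unix_stream_socket { read write }` rule applies on every build variant, while the other two files in this commit gate their changes on userdebug/eng. The comment above it still speaks only of pipes. If the socket is needed only for the LAST_KMSG section, wrap it the same way: ``userdebug_or_eng(`allow incident_helper incidentd:unix_stream_socket { read write };')``. If user builds need it too, record the reason in a comment next to the rule, for example which inherited descriptor is a socket rather than a pipe (author to confirm).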
diff --git a/private/incidentd.te b/private/incidentd.te
index 824dece286d4d2496cc8461920239b5cfb34d53f..22ff985c351bc026aebf7e5d2427c96464421e87 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -38,6 +38,10 @@ allow incidentd domain:process getattr;
 allow incidentd sysfs_batteryinfo:dir { search };
 allow incidentd sysfs_batteryinfo:file r_file_perms;
 
+# section id 2007, allow reading LAST_KMSG /sys/fs/pstore/console-ramoops
+userdebug_or_eng(`allow incidentd pstorefs:dir search');
+userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
+
 # Create and write into /data/misc/incidents
 allow incidentd incident_data_file:dir rw_dir_perms;
 allow incidentd incident_data_file:file create_file_perms;
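Review bot: `pstorefs:file r_file_perms` grants read on every file carrying the pstorefs label, while the comment names only /sys/fs/pstore/console-ramoops. If other pstore records share that label (not visible in this diff), incidentd can read them too on userdebug/eng builds. The comment should state the real scope, e.g. `# section id 2007 (LAST_KMSG): read pstorefs files, incl. console-ramoops; userdebug/eng only`. As a style point, the `;` sits outside each macro call, so a user build appears to be left with a bare `;`. Putting the semicolon inside the quoted argument and grouping both rules in one `userdebug_or_eng` call avoids that.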