diff --git a/private/system_server.te b/private/system_server.te
index 14f02eb941faeec9949d1132aa5e76b6aeafed32..b56178aa227c91f30e670893a4ae2d01119e70c1 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -722,6 +722,13 @@ with_asan(`
   allow system_server zygote_exec:file rx_file_perms;
 ')
 
+# ART Profiles.
+# Allow system_server to open profile snapshots for read.
+# System server never reads the actual content. It passes the descriptor to
+# to privileged apps which acquire the permissions to inspect the profiles.
+allow system_server user_profile_data_file:dir { search };
+allow system_server user_profile_data_file:file { open read };
+
 ###
 ### Neverallow rules
 ###