diff --git a/dumpstate.te b/dumpstate.te
index 31695a5c32d7f3541937f941860915780bf411c2..69504b9fb7ab6eed53fbe02ecdb3b695b1de8824 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -174,3 +174,4 @@ allow dumpstate atrace_exec:file rx_file_perms;
 # accesses to the underlying FS.
 allow dumpstate media_rw_data_file:dir getattr;
 allow dumpstate proc_interrupts:file r_file_perms;
+allow dumpstate proc_zoneinfo:file r_file_perms;
diff --git a/file.te b/file.te
index 6edbd42892013ceefda38c4f7f0489d7c2e8d463..235ac77ed478f6529493bded0b86e4ee739c5ba8 100644
--- a/file.te
+++ b/file.te
@@ -22,6 +22,7 @@ type proc_sysrq, fs_type;
 type proc_timer, fs_type;
 type proc_uid_cputime_showstat, fs_type;
 type proc_uid_cputime_removeuid, fs_type;
+type proc_zoneinfo, fs_type;
 type selinuxfs, fs_type, mlstrustedobject;
 type cgroup, fs_type, mlstrustedobject;
 type sysfs, fs_type, sysfs_type, mlstrustedobject;
diff --git a/genfs_contexts b/genfs_contexts
index 57b967cbc17ea9af05a00c9694261e1faacc4b28..bb2fea90b339f8a1609bcfbb3019a32440e6d0a3 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -31,6 +31,7 @@ genfscon proc /timer_list u:object_r:proc_timer:s0
 genfscon proc /timer_stats u:object_r:proc_timer:s0
 genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
 genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
+genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
 # selinuxfs booleans can be individually labeled.
 genfscon selinuxfs / u:object_r:selinuxfs:s0
diff --git a/lmkd.te b/lmkd.te
index 570cbcab268c66610e86e69c178c2a2f1ac39d55..5302bcd56d04bed26bbc5d33ef97d2b584c513f6 100644
--- a/lmkd.te
+++ b/lmkd.te
@@ -34,6 +34,8 @@ allow lmkd cgroup:dir { remove_name rmdir };
 # Set self to SCHED_FIFO
 allow lmkd self:capability sys_nice;
+allow lmkd proc_zoneinfo:file r_file_perms;
+
 ### neverallow rules
 # never honor LD_PRELOAD
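Review bot: In dumpstate.te the new `allow dumpstate proc_zoneinfo:file r_file_perms;` is appended with no blank line under the comment ending `# accesses to the underlying FS.`, so it reads as part of that comment's block. That comment introduces the `media_rw_data_file:dir getattr` rule, and the two /proc rules below it have nothing to do with the underlying FS. I would separate them with a blank line and give them their own comment, for example `# Read selected /proc files.`. The comment block starts above the hunk, so its full wording is not visible here.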
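Review bot: Declaring `proc_zoneinfo` in file.te and labelling `/zoneinfo` with it in genfs_contexts narrows access as well as granting it. Any domain that read the file under its previous label (presumably the generic `proc` type, which these hunks do not show) is denied after this commit unless it gets an explicit rule, and the commit adds rules only for dumpstate, lmkd and shell. Before merging, a boot and a bug-report run should be checked for `avc: denied` records whose `tcontext` is `proc_zoneinfo`, so that an overlooked reader shows up as an audited denial rather than a silent regression. The new `type` line would also benefit from a short comment saying why the file gets its own type, for example `# /proc/zoneinfo: readable only by domains with an explicit allow rule`.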
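Review bot: The new `allow lmkd proc_zoneinfo:file r_file_perms;` in lmkd.te has no comment, although the rule just above it has one (`# Set self to SCHED_FIFO`). The hunk does not show why lmkd reads the file, so the author should state it in a line above the rule, along the lines of `# Read /proc/zoneinfo`. Separately, `r_file_perms` is wider than a plain open and read, so it is worth confirming that lmkd needs the whole macro set and not just `{ open read }`.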
diff --git a/shell.te b/shell.te
index 006313e24535a0c29b8ed5a4b73e7684632f3a1b..a31b153d1e785dbfafc512e7140e7f3ecdc82d28 100644
--- a/shell.te
+++ b/shell.te
@@ -100,6 +100,7 @@ allow shell proc_interrupts:file r_file_perms;
 allow shell proc_meminfo:file r_file_perms;
 allow shell proc_stat:file r_file_perms;
 allow shell proc_timer:file r_file_perms;
+allow shell proc_zoneinfo:file r_file_perms;
 r_dir_file(shell, cgroup)
 allow shell domain:dir { search open read getattr };
 allow shell domain:{ file lnk_file } { open read getattr };