diff --git a/public/domain.te b/public/domain.te
index ab16849809c93dedffaaa7e5066fc0114f0d1b7a..7c53d0c376998e7b37217f54024686f34a499e1e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -77,6 +77,8 @@ allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_devic
 allow domain ptmx_device:chr_file rw_file_perms;
 allow domain alarm_device:chr_file r_file_perms;
 allow domain random_device:chr_file rw_file_perms;
+allow domain proc_random:dir r_dir_perms;
+allow domain proc_random:file r_file_perms;
 allow domain properties_device:dir { search getattr };
 allow domain properties_serial:file r_file_perms;
 
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index e27590054d8405e3a43955419f9bbf2b946447ec..eb4cdc1943507814087090b277402508113f855b 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -38,9 +38,8 @@ allow update_engine_common shell_exec:file rx_file_perms;
 # Allow update_engine_common to suspend, resume and kill the postinstall program.
 allow update_engine_common postinstall:process { signal sigstop sigkill };
 
-# access /proc/cmdline and /proc/sys/kernel/random/
+# access /proc/cmdline
 allow update_engine_common proc_cmdline:file r_file_perms;
-r_dir_file(update_engine_common, proc_random)
 
 # Read files in /sys/firmware/devicetree/base/firmware/android/
 r_dir_file(update_engine_common, sysfs_dt_firmware_android)