diff --git a/system_app.te b/system_app.te
index 6fe8106a8efa6f10952bf64a54ab0e2246a25fc6..fed44d1f6d92cc7d92c2c2316c25741b4a56e8f3 100644
--- a/system_app.te
+++ b/system_app.te
@@ -45,6 +45,9 @@ allow system_app logd_prop:property_service set;
 allow system_app anr_data_file:dir ra_dir_perms;
 allow system_app anr_data_file:file create_file_perms;
 
+# Settings need to access app name and icon from asec
+allow system_app asec_apk_file:file r_file_perms;
+
 allow system_app system_app_service:service_manager add;
 
 allow system_app keystore:keystore_key {
diff --git a/untrusted_app.te b/untrusted_app.te
index 2b2a2e76ad283f680987a07183d2566b21169d3a..3fd4a40cce5df2813fb17310b4d13e5fd4dbd07b 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -32,7 +32,6 @@ allow untrusted_app app_data_file:file { rx_file_perms execmod };
 allow untrusted_app tun_device:chr_file rw_file_perms;
 
 # ASEC
-allow untrusted_app asec_apk_file:dir { getattr };
 allow untrusted_app asec_apk_file:file r_file_perms;
 # Execute libs in asec containers.
 allow untrusted_app asec_public_file:file { execute execmod };