diff --git a/bluetooth.te b/bluetooth.te
index b143726b7366382580a8d88eeffa2984bad022ec..ff664abbb38efe9b90570e986d3279c76bdcf107 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -54,6 +54,11 @@ unix_socket_connect(bluetooth, sap_uim, rild)
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
 allow bluetooth shell_data_file:file read;
 
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow bluetooth media_rw_data_file:dir search;
+
 ###
 ### Neverallow rules
 ###
diff --git a/dumpstate.te b/dumpstate.te
index 19b8adf6470a69ee604f03858c703baf667e7ce4..8f64a0c5952ab3381a5095bcec42302ea7e96ec7 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -137,3 +137,8 @@ allow dumpstate debugfs_tracing:dir r_dir_perms;
 allow dumpstate debugfs_tracing:file rw_file_perms;
 allow dumpstate debugfs_trace_marker:file getattr;
 allow dumpstate atrace_exec:file rx_file_perms;
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow dumpstate media_rw_data_file:dir getattr;
diff --git a/system_server.te b/system_server.te
index 3cba2892f124a1878c918f516c15c71e2fd08430..8d8c30350c32b8b8c0da836c83cc73449a772649 100644
--- a/system_server.te
+++ b/system_server.te
@@ -492,6 +492,11 @@ allow system_server adbd:unix_stream_socket connectto;
 allow system_server adbd:fd use;
 allow system_server adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
 
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow system_server media_rw_data_file:dir search;
+
 ###
 ### Neverallow rules
 ###
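Review bot: The comment above `allow bluetooth media_rw_data_file:dir search;` reads "Access to /data/media", which overstates the grant: the rule allows directory traversal only and no file permissions. The removal condition also has no tracking reference, so this temporary allowance is likely to stay after sdcardfs changes. The same three comment lines are repeated in the dumpstate.te and system_server.te hunks. I would make the scope and the exit condition explicit in each, for example `# Directory search only on /data/media; no file access is granted.` followed by `# TODO(<tracking-bug>): remove once sdcardfs alters the secontext for its lower-FS accesses.`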
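Review bot: dumpstate receives `getattr` on `media_rw_data_file:dir` while bluetooth and system_server receive `search`, yet the comment above the rule is identical, so a reader cannot tell whether the difference is deliberate. If dumpstate only stats the directory, which the lone `getattr` suggests, the comment should say so, for example `# dumpstate only stats /data/media (getattr); it does not traverse it.` If it does need to traverse, this rule would presumably still leave a `search` denial, so it is worth confirming against the audit log that prompted the change.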