diff --git a/private/domain.te b/private/domain.te
index e181988f920e796121d8af8f3352fda44594c5aa..ff7f1b3a7743bcdb1ace817345966f4c23ca686f 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -35,9 +35,7 @@ full_treble_only(`
   # /sys
   neverallow {
     coredomain
-    -charger
     -dumpstate
-    -healthd
     -init
     -priv_app
     -storaged
diff --git a/public/charger.te b/public/charger.te
index 4577cbcec5f5dcf2448184780006a2725b64884b..ed6986769d41374e5e340a648484452a8c9db75f 100644
--- a/public/charger.te
+++ b/public/charger.te
@@ -6,7 +6,7 @@ type charger, domain;
 allow charger kmsg_device:chr_file rw_file_perms;
 
 # Read access to pseudo filesystems.
-r_dir_file(charger, sysfs_type)
+allow charger sysfs_type:dir search;
 r_dir_file(charger, rootfs)
 r_dir_file(charger, cgroup)
 
@@ -20,7 +20,7 @@ allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
 # Read/write to /sys/power/state
 allow charger sysfs_power:file rw_file_perms;
 
-allow charger sysfs_batteryinfo:file r_file_perms;
+r_dir_file(charger, sysfs_batteryinfo)
 
 # Read /sys/fs/pstore/console-ramoops
 # Don't worry about overly broad permissions for now, as there's
diff --git a/public/healthd.te b/public/healthd.te
index 856a4b1241c8087d22fa14d23daa67a4239b7f04..64c1723ccb88e6b2dfd74aff51e023a90a3a7ffc 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -6,7 +6,7 @@ type healthd_exec, exec_type, file_type;
 allow healthd kmsg_device:chr_file rw_file_perms;
 
 # Read access to pseudo filesystems.
-r_dir_file(healthd, sysfs_type)
+allow healthd sysfs_type:dir search;
 r_dir_file(healthd, rootfs)
 r_dir_file(healthd, cgroup)
 
@@ -26,16 +26,13 @@ binder_service(healthd)
 binder_call(healthd, system_server)
 hal_client_domain(healthd, hal_health)
 
-# Write to state file.
-# TODO:  Split into a separate type?
-allow healthd sysfs:file write;
+# Read/write to /sys/power/state
+allow healthd sysfs_power:file rw_file_perms;
 
 # TODO: added to match above sysfs rule. Remove me?
 allow healthd sysfs_usb:file write;
 
-allow healthd sysfs_batteryinfo:file r_file_perms;
-
-r_dir_file(healthd, sysfs_type)
+r_dir_file(healthd, sysfs_batteryinfo)
 
 ###
 ### healthd: charger mode