diff --git a/access_vectors b/access_vectors
index 5e7834140f28997ac66bb988aba6c2c45a8cc0ba..74a377c5ed496e564162e2c510a391b3dea17b3e 100644
--- a/access_vectors
+++ b/access_vectors
@@ -914,4 +914,7 @@ class keystore_key
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 }
diff --git a/system_server.te b/system_server.te
index 99fb9634e0a8765823c929c4e3deb558cf88acee..de0408827e5bb360efbe38afbf3d3f36356bec8e 100644
--- a/system_server.te
+++ b/system_server.te
@@ -377,6 +377,9 @@ allow system_server keystore:keystore_key {
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 };
 
 # Allow system server to search and write to the persistent data block device