diff --git a/domain.te b/domain.te
index fb672ad0921871a720b254009fb2409fcc6c3364..2aba7e31dcfec050ddcdafb0aaa6e579596fa25f 100644
--- a/domain.te
+++ b/domain.te
@@ -127,6 +127,10 @@ allow domain debugfs:dir search;
 allow domain debugfs_tracing:dir search;
 allow domain debugfs_trace_marker:file w_file_perms;
 
+# Filesystem access.
+allow domain fs_type:filesystem getattr;
+allow domain fs_type:dir getattr;
+
 ###
 ### neverallow rules
 ###
diff --git a/domain_deprecated.te b/domain_deprecated.te
index 7be9a3e8c7f9d874cf2792ceea282ee30917fc3a..0db79da54a982c4b868d8e7dfe877b4ccfaea811 100644
--- a/domain_deprecated.te
+++ b/domain_deprecated.te
@@ -25,10 +25,6 @@ allow domain_deprecated rootfs:lnk_file r_file_perms;
 # Device accesses.
 allow domain_deprecated device:file read;
 
-# Filesystem accesses.
-allow domain_deprecated fs_type:filesystem getattr;
-allow domain_deprecated fs_type:dir getattr;
-
 # System file accesses.
 allow domain_deprecated system_file:dir r_dir_perms;
 allow domain_deprecated system_file:file r_file_perms;
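Review bot: The two rules added to domain.te after the debugfs_trace_marker line widen this grant from domain_deprecated to every domain, and the comment `# Filesystem access.` does not say why that is needed or how far it reaches. Since `fs_type` is an attribute, `fs_type:dir getattr` presumably covers any directory labelled with a filesystem type rather than only mount points, so the scope is worth stating next to the rule. I would replace the comment with something like `# All domains may statfs() filesystems and stat() fs_type-labelled directories; getattr only, no search or read.` It is also worth confirming that domains which had already dropped domain_deprecated are meant to pick this access up again.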