diff --git a/app.te b/app.te
index 7e06c102ff6a8c5a4c08dddeb29cf0b8a2e2e7a6..ed76ccf82f396fa088d5709db11bc8e0245b7288 100644
--- a/app.te
+++ b/app.te
@@ -103,6 +103,9 @@ allow appdomain wallpaper_file:file { read write };
 allow appdomain anr_data_file:dir search;
 allow appdomain anr_data_file:file { open append };
 
+# Write to /proc/net/xt_qtaguid/ctrl file.
+allow appdomain qtaguid:file write;
+
 # Use the Binder.
 binder_use(appdomain)
 # Perform binder IPC to binder services.
diff --git a/file.te b/file.te
index eb4c79211a884b9c0dbf87074640d2a1f5f262a0..f18eb23ba97efb47d1e0c944c8da6a2fa40affe4 100644
--- a/file.te
+++ b/file.te
@@ -4,6 +4,7 @@ type pipefs, fs_type;
 type sockfs, fs_type;
 type rootfs, fs_type;
 type proc, fs_type;
+type qtaguid, fs_type, mlstrustedobject;
 type selinuxfs, fs_type;
 type cgroup, fs_type, mlstrustedobject;
 type sysfs, fs_type, mlstrustedobject;
diff --git a/ocontexts b/ocontexts
index ddd57b63c9a3a6fb1e0da03f9de4facfc2697be8..7cbb989757810f1e53b148573d5574bd3d3d012c 100644
--- a/ocontexts
+++ b/ocontexts
@@ -51,6 +51,7 @@ fs_use_trans mqueue u:object_r:mqueue:s0;
 genfscon rootfs / u:object_r:rootfs:s0
 # proc labeling can be further refined (longest matching prefix).
 genfscon proc / u:object_r:proc:s0
+genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid:s0
 # selinuxfs booleans can be individually labeled.
 genfscon selinuxfs / u:object_r:selinuxfs:s0
 genfscon cgroup / u:object_r:cgroup:s0
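Review bot: The new rule `allow appdomain qtaguid:file write;` in app.te grants `write` without `open`, whereas the anr_data_file rule just above it in the same hunk spells out `{ open append }`. If apps open /proc/net/xt_qtaguid/ctrl themselves rather than receiving an already-open descriptor, and this policy enforces the open permission, the access will still be denied at open time; in that case the rule should read `allow appdomain qtaguid:file { open write };`. The grant applies to every domain in appdomain, and the comment above it says what is allowed but not why all apps need it, so a line of rationale there would help the next audit of the kernel interfaces apps can reach.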
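Review bot: The `mlstrustedobject` attribute on the new `qtaguid` type in file.te exempts the ctrl file from the MLS constraints, so a process at any level can write it once the TE rule allows, and nothing in the declaration records that this is intended. Presumably it is, since a single kernel control file is shared by apps at every level, but I would put a comment above the line such as `# /proc/net/xt_qtaguid/ctrl; MLS-exempt because apps at all levels write to it.` The bare name `qtaguid` also does not say that the type labels a proc entry; a name like `qtaguid_proc` would read more clearly in allow rules. The type list continues outside this hunk.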