diff --git a/public/dex2oat.te b/public/dex2oat.te
index e5472960f9ed43441c15c864f23c924db72196b1..72b04a10748d2b131ce14aeaafc16781eae87dd4 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -24,7 +24,7 @@ allow dex2oat user_profile_data_file:file { getattr read lock };
 
 # Allow dex2oat to compile app's secondary dex files which were reported back to
 # the framework.
-allow dex2oat app_data_file:file { getattr read write };
+allow dex2oat app_data_file:file { getattr read write lock };
 
 ##################
 # A/B OTA Dexopt #
diff --git a/public/profman.te b/public/profman.te
index ff8154060a14dac37cd93e1c5c514ad785dffb7f..a5c18b51d8b51ad4311f5c0ba0bae54743e4d176 100644
--- a/public/profman.te
+++ b/public/profman.te
@@ -14,6 +14,11 @@ allow profman profman_dump_data_file:file { write };
 
 allow profman installd:fd use;
 
+# Allow profman to analyze profiles for the secondary dex files. These
+# are application dex files reported back to the framework when using
+# BaseDexClassLoader.
+allow profman app_data_file:file { getattr read write lock };
+
 ###
 ### neverallow rules
 ###