diff --git a/public/bufferhubd.te b/public/bufferhubd.te
index 95433981e9e2a23701686e45e6ca172e1df41fc0..231443357b9289a582707903ed0a6f841dbce760 100644
--- a/public/bufferhubd.te
+++ b/public/bufferhubd.te
@@ -10,3 +10,9 @@ allow bufferhubd gpu_device:chr_file rw_file_perms;
 
 # Access /dev/ion
 allow bufferhubd ion_device:chr_file r_file_perms;
+
+# Receive sync fence FDs from mediacodec. Note that mediacodec never directly
+# connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between
+# those two: it talks to mediacodec via Binder and talks to bufferhubd via PDX.
+# Thus, there is no need to use use_pdx macro.
+allow bufferhubd mediacodec:fd use;
diff --git a/public/mediacodec.te b/public/mediacodec.te
index 99ebdb1e436509a2cf5798a2a1e521cfd49f3d46..6ab90eb3ddca40b1518e3782c60ffeac7f44c95d 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -26,6 +26,12 @@ hwbinder_use(mediacodec)
 hwallocator_use(mediacodec)
 allow mediacodec system_file:dir { open read };
 
+# Recieve gralloc buffer FDs from bufferhubd. Note that mediacodec never
+# directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
+# between those two: it talks to mediacodec via Binder and talks to bufferhubd
+# via PDX. Thus, there is no need to use use_pdx macro.
+allow mediacodec bufferhubd:fd use;
+
 ###
 ### neverallow rules
 ###