diff --git a/private/system_server.te b/private/system_server.te
index fee13be5657d90ad98f240dbefdefacdfbf1f328..6dd3e9f989f172d4d79a7a65c414d3f67579cfb1 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -729,7 +729,7 @@ with_asan(`
 # System server never reads the actual content. It passes the descriptor to
 # to privileged apps which acquire the permissions to inspect the profiles.
 allow system_server user_profile_data_file:dir { search };
-allow system_server user_profile_data_file:file { open read };
+allow system_server user_profile_data_file:file { getattr open read };
 
 ###
 ### Neverallow rules