diff --git a/access_vectors b/access_vectors
index 659fb3632ca12ab1245e6f11bdcd620826090777..320a1c8976880bd0a1c9374d06651fa7c0c68d30 100644
--- a/access_vectors
+++ b/access_vectors
@@ -914,6 +914,9 @@ class keystore_key
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 }
 
 class debuggerd
diff --git a/system_server.te b/system_server.te
index 5a88e334c76998e4fbaa7fc93fbb7c3110edec7d..f77f3dc456b860c20d298958d50f3eb6cc6b9c2d 100644
--- a/system_server.te
+++ b/system_server.te
@@ -383,6 +383,9 @@ allow system_server keystore:keystore_key {
 	grant
 	duplicate
 	clear_uid
+	reset_uid
+	sync_uid
+	password_uid
 };
 
 # Allow system server to search and write to the persistent data block device