diff --git a/domain.te b/domain.te
index 9a59c49a54cd2c21423ec615ea1af1435b6e7824..6be7dddf4802869ce75c1f3997baf0883076cd4b 100644
--- a/domain.te
+++ b/domain.te
@@ -96,5 +96,12 @@ r_dir_file(domain, sysfs)
 r_dir_file(domain, inotify)
 r_dir_file(domain, cgroup)
 
-# Ignore /sys/kernel/debug
-dontaudit domain debugfs:dir search;
+# debugfs access
+bool debugfs true;
+if (debugfs) {
+allow domain debugfs:dir r_dir_perms;
+allow domain debugfs:file rw_file_perms;
+} else {
+dontaudit domain debugfs:dir r_dir_perms;
+dontaudit domain debugfs:file  rw_file_perms;
+}
diff --git a/system.te b/system.te
index c6fd8bdc6f3c4e8d979216c773fee0f09fbcfdaa..074028543900e4dccfa9d9d35638fc949886390c 100644
--- a/system.te
+++ b/system.te
@@ -83,6 +83,7 @@ allow system appdomain:process { sigkill signal };
 
 # Set scheduling info for apps.
 allow system appdomain:process setsched;
+allow system mediaserver:process setsched;
 
 # Read /proc data for apps.
 allow system appdomain:dir r_dir_perms;