diff --git a/sepolicy/qcom/bootanim.te b/sepolicy/qcom/bootanim.te
index 9987b46b..4b4ca71f 100644
--- a/sepolicy/qcom/bootanim.te
+++ b/sepolicy/qcom/bootanim.te
@@ -1,3 +1,8 @@
 allow bootanim mpctl_socket:dir search;
 unix_socket_connect(bootanim, mpctl, perfd)
 unix_socket_send(bootanim, mpctl, perfd)
+
+allow bootanim mpdecision:dir search;
+allow bootanim mpdecision:file r_file_perms;
+unix_socket_connect(bootanim, mpctl, mpdecision)
+unix_socket_send(bootanim, mpctl, mpdecision)
diff --git a/sepolicy/qcom/mpdecision.te b/sepolicy/qcom/mpdecision.te
new file mode 100644
index 00000000..9399b326
--- /dev/null
+++ b/sepolicy/qcom/mpdecision.te
@@ -0,0 +1,5 @@
+allow mpdecision sysfs_devices_system_iosched:file rw_file_perms;
+unix_socket_connect(mpdecision, thermal, thermal-engine)
+
+# read /proc/pid files
+r_dir_file(mpdecision, domain)
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
index 8bee8fe7..a93d90ea 100644
--- a/sepolicy/zygote.te
+++ b/sepolicy/zygote.te
@@ -1,3 +1,5 @@
 allow zygote theme_data_file:file r_file_perms;
 allow zygote theme_data_file:dir r_dir_perms;
+# ps command may do this
+allow untrusted_app zygote:process getsched;
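Review bot: In sepolicy/qcom/bootanim.te the added `allow bootanim mpdecision:dir search;` and `allow bootanim mpdecision:file r_file_perms;` take the mpdecision domain type as their target. That type would normally label the process's /proc/<pid> entries rather than the mpctl socket path, and nothing in the hunk says why the boot animation needs to read them. The two socket macros below them already appear to cover connect and send on the mpctl socket, mirroring the existing perfd lines. I would keep the two proc rules only if an audit denial shows they are required, and then document them with a comment such as `# bootanim reads mpdecision's /proc/<pid> entries: <reason taken from the avc denial>`.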
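Review bot: In the new sepolicy/qcom/mpdecision.te, `r_dir_file(mpdecision, domain)` grants read access to the /proc/<pid> directories, files and symlinks of every process domain, which is far wider than the comment `# read /proc/pid files` conveys. If mpdecision only inspects a few processes, name those types instead, e.g. `r_dir_file(mpdecision, <needed_domain>)`, and extend the comment to say which entries it reads and why. The file also contains no `type mpdecision, domain;` declaration, so it presumably depends on one elsewhere in the tree; that is worth confirming so the policy still builds if the other file is dropped.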
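Review bot: In sepolicy/zygote.te the new `allow untrusted_app zygote:process getsched;` widens what every untrusted app may query about zygote, and the only stated reason is the comment `# ps command may do this`. If the aim is just to silence the denial that ps produces, `dontaudit untrusted_app zygote:process getsched;` keeps the log quiet without granting the permission. The rule's source domain is untrusted_app, so it would also be easier to find in the untrusted_app policy file than in zygote.te. The extraction shows only two of the three context lines the hunk header declares, so the exact spacing before the added lines is not visible here.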