diff --git a/public/recovery.te b/public/recovery.te
index 12eadee83..d5d16a29a 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -138,6 +138,10 @@ recovery_only(`
   # This line seems suspect, as it should not really need to
   # set scheduling parameters for a kernel domain task.
   allow recovery kernel:process setsched;
+
+  # These are needed to update dynamic partitions in recovery.
+  r_dir_file(recovery, sysfs_dm)
+  allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
 ')
 
 ###