diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index 36cccdf63..a05f3defc 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -5,6 +5,11 @@ typeattribute gmscore_app coredomain;
 
 app_domain(gmscore_app)
 
+# TODO(b/217368496): remove this.
+perfetto_producer(gmscore_app)
+can_profile_heap(gmscore_app)
+can_profile_perf(gmscore_app)
+
 allow gmscore_app sysfs_type:dir search;
 # Read access to /sys/class/net/wlan*/address
 r_dir_file(gmscore_app, sysfs_net)
diff --git a/private/platform_app.te b/private/platform_app.te
index 9764eabad..20c9820ce 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -109,6 +109,10 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms;
 # Allow platform apps to act as Perfetto producers.
 perfetto_producer(platform_app)
 
+# TODO(b/217368496): remove this.
+can_profile_heap(platform_app)
+can_profile_perf(platform_app)
+
 # Allow platform apps to create VMs
 virtualizationservice_use(platform_app)
 
diff --git a/private/system_server.te b/private/system_server.te
index 7024c5ac0..f70744d1c 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -14,6 +14,11 @@ tmpfs_domain(system_server)
 
 userfaultfd_use(system_server)
 
+# TODO(b/217368496): remove this.
+perfetto_producer(system_server)
+can_profile_heap(system_server)
+can_profile_perf(system_server)
+
 # Create a socket for connections from crash_dump.
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";