diff --git a/public/virtual_touchpad.te b/public/virtual_touchpad.te
index 8a28cf0d2..c2800e3ef 100644
--- a/public/virtual_touchpad.te
+++ b/public/virtual_touchpad.te
@@ -5,5 +5,12 @@ binder_use(virtual_touchpad)
 binder_service(virtual_touchpad)
 add_service(virtual_touchpad, virtual_touchpad_service)
 
+# Needed to check app permissions.
+binder_call(virtual_touchpad, system_server)
+
 # Requires access to /dev/uinput to create and feed the virtual device.
 allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow virtual_touchpad permission_service:service_manager find;
diff --git a/public/vr_hwc.te b/public/vr_hwc.te
index 7488cc04f..c0abdcd14 100644
--- a/public/vr_hwc.te
+++ b/public/vr_hwc.te
@@ -8,6 +8,8 @@ binder_use(vr_hwc)
 binder_service(vr_hwc)
 
 binder_call(vr_hwc, surfaceflinger)
+# Needed to check for app permissions.
+binder_call(vr_hwc, system_server)
 # TODO(dnicoara): Remove once vr_wm is disabled.
 binder_call(vr_hwc, vr_wm)
 
@@ -25,3 +27,7 @@ allow vr_hwc ion_device:chr_file r_file_perms;
 # Allow connection to VR DisplayClient to get the primary display metadata
 # (ie: size).
 use_pdx(vr_hwc, surfaceflinger)
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow vr_hwc permission_service:service_manager find;