diff --git a/prebuilts/api/33.0/private/sdk_sandbox.te b/prebuilts/api/33.0/private/sdk_sandbox.te
index 46e7be889..d30d3d9b3 100644
--- a/prebuilts/api/33.0/private/sdk_sandbox.te
+++ b/prebuilts/api/33.0/private/sdk_sandbox.te
@@ -33,6 +33,7 @@ allow sdk_sandbox font_service:service_manager find;
 allow sdk_sandbox game_service:service_manager find;
 allow sdk_sandbox gpu_service:service_manager find;
 allow sdk_sandbox graphicsstats_service:service_manager find;
+allow sdk_sandbox hardware_properties_service:service_manager find;
 allow sdk_sandbox hint_service:service_manager find;
 allow sdk_sandbox imms_service:service_manager find;
 allow sdk_sandbox input_method_service:service_manager find;
@@ -89,6 +90,8 @@ allow sdk_sandbox uimode_service:service_manager find;
 allow sdk_sandbox vcn_management_service:service_manager find;
 allow sdk_sandbox webviewupdate_service:service_manager find;
 
+allow sdk_sandbox system_linker_exec:file execute_no_trans;
+
 # Write app-specific trace data to the Perfetto traced damon. This requires
 # connecting to its producer socket and obtaining a (per-process) tmpfs fd.
 perfetto_producer(sdk_sandbox)
diff --git a/prebuilts/api/33.0/private/untrusted_app.te b/prebuilts/api/33.0/private/untrusted_app.te
index 62d458ddd..63b095adc 100644
--- a/prebuilts/api/33.0/private/untrusted_app.te
+++ b/prebuilts/api/33.0/private/untrusted_app.te
@@ -14,3 +14,10 @@ app_domain(untrusted_app)
 untrusted_app_domain(untrusted_app)
 net_domain(untrusted_app)
 bluetooth_domain(untrusted_app)
+
+# Allow webview to access fd shared by sdksandbox for experiments data
+# TODO(b/229249719): Will not be supported in Android U
+allow untrusted_app sdk_sandbox_data_file:fd use;
+allow untrusted_app sdk_sandbox_data_file:file write;
+
+neverallow untrusted_app sdk_sandbox_data_file:file { open create };
diff --git a/private/sdk_sandbox.te b/private/sdk_sandbox.te
index 46e7be889..d30d3d9b3 100644
--- a/private/sdk_sandbox.te
+++ b/private/sdk_sandbox.te
@@ -33,6 +33,7 @@ allow sdk_sandbox font_service:service_manager find;
 allow sdk_sandbox game_service:service_manager find;
 allow sdk_sandbox gpu_service:service_manager find;
 allow sdk_sandbox graphicsstats_service:service_manager find;
+allow sdk_sandbox hardware_properties_service:service_manager find;
 allow sdk_sandbox hint_service:service_manager find;
 allow sdk_sandbox imms_service:service_manager find;
 allow sdk_sandbox input_method_service:service_manager find;
@@ -89,6 +90,8 @@ allow sdk_sandbox uimode_service:service_manager find;
 allow sdk_sandbox vcn_management_service:service_manager find;
 allow sdk_sandbox webviewupdate_service:service_manager find;
 
+allow sdk_sandbox system_linker_exec:file execute_no_trans;
+
 # Write app-specific trace data to the Perfetto traced damon. This requires
 # connecting to its producer socket and obtaining a (per-process) tmpfs fd.
 perfetto_producer(sdk_sandbox)
diff --git a/private/untrusted_app.te b/private/untrusted_app.te
index 62d458ddd..63b095adc 100644
--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te
@@ -14,3 +14,10 @@ app_domain(untrusted_app)
 untrusted_app_domain(untrusted_app)
 net_domain(untrusted_app)
 bluetooth_domain(untrusted_app)
+
+# Allow webview to access fd shared by sdksandbox for experiments data
+# TODO(b/229249719): Will not be supported in Android U
+allow untrusted_app sdk_sandbox_data_file:fd use;
+allow untrusted_app sdk_sandbox_data_file:file write;
+
+neverallow untrusted_app sdk_sandbox_data_file:file { open create };