diff --git a/private/traced_probes.te b/private/traced_probes.te
index 689ff5c61..2136fe127 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -29,6 +29,9 @@ allow traced_probes self:global_capability_class_set { sys_nice };
 # Allow procfs access
 r_dir_file(traced_probes, domain)
 
+# Allow to read packages.list file.
+allow traced_probes packages_list_file:file r_file_perms;
+
 # Allow to log to kernel dmesg when starting / stopping ftrace.
 allow traced_probes kmsg_device:chr_file write;
 
@@ -41,7 +44,8 @@ allow traced_probes self:global_capability_class_set dac_read_search;
 allow traced_probes apk_data_file:dir { getattr open read search };
 allow traced_probes dalvikcache_data_file:dir { getattr open read search };
 userdebug_or_eng(`
-allow traced_probes system_data_file:dir { getattr open read search };
+# search and getattr are granted via domain and coredomain, respectively.
+allow traced_probes system_data_file:dir { open read };
 ')
 allow traced_probes system_app_data_file:dir { getattr open read search };
 allow traced_probes backup_data_file:dir { getattr open read search };
@@ -108,7 +112,7 @@ neverallow traced_probes {
 neverallow traced_probes system_data_file:dir ~{ getattr userdebug_or_eng(`open read') search };
 neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
 neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
-neverallow traced_probes { data_file_type -zoneinfo_data_file }:file *;
+neverallow traced_probes { data_file_type -zoneinfo_data_file -packages_list_file }:file *;
 
 # Only init is allowed to enter the traced_probes domain via exec()
 neverallow { domain -init } traced_probes:process transition;