diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index 286ff4d49..e8fd29e41 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -59,6 +59,10 @@ r_dir_file(update_engine_common, sysfs_dt_firmware_android)
 # Needed because libdm reads sysfs to validate when a dm path is ready.
 r_dir_file(update_engine_common, sysfs_dm)
 
+# Scan files in /sys/fs/ext4 and /sys/fs/f2fs for device-mapper diagnostics.
+allow update_engine_common sysfs:dir r_dir_perms;
+allow update_engine_common sysfs_fs_f2fs:dir r_dir_perms;
+
 # read / write on /dev/device-mapper to map / unmap devices
 allow update_engine_common dm_device:chr_file rw_file_perms;