diff --git a/prebuilts/api/30.0/private/file_contexts b/prebuilts/api/30.0/private/file_contexts
index 9620b7512..71a72b4de 100644
--- a/prebuilts/api/30.0/private/file_contexts
+++ b/prebuilts/api/30.0/private/file_contexts
@@ -625,6 +625,7 @@
 /data/incremental(/.*)?                                 u:object_r:apk_data_file:s0
 /data/incremental/MT_[^/]+/mount/.pending_reads         u:object_r:incremental_control_file:s0
 /data/incremental/MT_[^/]+/mount/.log                   u:object_r:incremental_control_file:s0
+/data/incremental/MT_[^/]+/mount/.blocks_written        u:object_r:incremental_control_file:s0
 
 #############################
 # Expanded data files
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 6c9536476..a2ae272b3 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -2000,7 +2000,7 @@
 (typeattributeset surfaceflinger_service_30_0 (surfaceflinger_service))
 (typeattributeset surfaceflinger_tmpfs_30_0 (surfaceflinger_tmpfs))
 (typeattributeset swap_block_device_30_0 (swap_block_device))
-(typeattributeset sysfs_30_0 (sysfs))
+(typeattributeset sysfs_30_0 (sysfs sysfs_fs_incfs_features))
 (typeattributeset sysfs_android_usb_30_0 (sysfs_android_usb))
 (typeattributeset sysfs_batteryinfo_30_0 (sysfs_batteryinfo))
 (typeattributeset sysfs_bluetooth_writable_30_0 (sysfs_bluetooth_writable))
diff --git a/private/file_contexts b/private/file_contexts
index 7aeba9990..0b21e39f2 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -668,6 +668,7 @@
 /data/incremental(/.*)?                                 u:object_r:apk_data_file:s0
 /data/incremental/MT_[^/]+/mount/.pending_reads         u:object_r:incremental_control_file:s0
 /data/incremental/MT_[^/]+/mount/.log                   u:object_r:incremental_control_file:s0
+/data/incremental/MT_[^/]+/mount/.blocks_written        u:object_r:incremental_control_file:s0
 
 #############################
 # Expanded data files
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 900b25b4b..4e78804f0 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -140,6 +140,7 @@ genfscon sysfs /devices/virtual/wakeup          u:object_r:sysfs_wakeup:s0
 genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
 genfscon sysfs /fs/ext4/features                  u:object_r:sysfs_fs_ext4_features:s0
 genfscon sysfs /fs/f2fs                           u:object_r:sysfs_fs_f2fs:s0
+genfscon sysfs /fs/incremental-fs/features        u:object_r:sysfs_fs_incfs_features:s0
 genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
 genfscon sysfs /power/state u:object_r:sysfs_power:s0
 genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0
diff --git a/private/priv_app.te b/private/priv_app.te
index 46362a0ec..9fd319fd0 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -152,9 +152,16 @@ dontaudit priv_app { wifi_prop wifi_hal_prop }:file read;
 allow priv_app system_server:udp_socket {
         connect getattr read recvfrom sendto write getopt setopt };
 
+# Access the IncFS list of features
+r_dir_file(priv_app, sysfs_fs_incfs_features)
+
 # allow apps like Phonesky to check the file signature of an apk installed on
-# the Incremental File System, and fill missing blocks in the apk
-allowxperm priv_app apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
+# the Incremental File System, fill missing blocks and get the app status
+allowxperm priv_app apk_data_file:file ioctl {
+  INCFS_IOCTL_READ_SIGNATURE
+  INCFS_IOCTL_FILL_BLOCKS
+  INCFS_IOCTL_GET_BLOCK_COUNT
+};
 
 # allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System
 allow priv_app incremental_control_file:file { read getattr ioctl };
diff --git a/private/system_server.te b/private/system_server.te
index bf5c8e8ac..31c399992 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -24,12 +24,27 @@ allow system_server appdomain_tmpfs:file { getattr map read write };
 # For Incremental Service to check if incfs is available
 allow system_server proc_filesystems:file r_file_perms;
 
-# To create files and get permission to fill blocks on Incremental File System
-allow system_server incremental_control_file:file { ioctl r_file_perms };
-allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL };
+# Access the IncFS list of features
+r_dir_file(system_server, sysfs_fs_incfs_features);
 
-# To get signature of an APK installed on Incremental File System and fill in data blocks
-allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS INCFS_IOCTL_GET_FILLED_BLOCKS };
+# To create files, get permission to fill blocks, and configure Incremental File System
+allow system_server incremental_control_file:file { ioctl r_file_perms };
+allowxperm system_server incremental_control_file:file ioctl {
+  INCFS_IOCTL_CREATE_FILE
+  INCFS_IOCTL_CREATE_MAPPED_FILE
+  INCFS_IOCTL_PERMIT_FILL
+  INCFS_IOCTL_GET_READ_TIMEOUTS
+  INCFS_IOCTL_SET_READ_TIMEOUTS
+};
+
+# To get signature of an APK installed on Incremental File System, and fill in data
+# blocks and get the filesystem state
+allowxperm system_server apk_data_file:file ioctl {
+  INCFS_IOCTL_READ_SIGNATURE
+  INCFS_IOCTL_FILL_BLOCKS
+  INCFS_IOCTL_GET_FILLED_BLOCKS
+  INCFS_IOCTL_GET_BLOCK_COUNT
+};
 
 # For art.
 allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
diff --git a/public/file.te b/public/file.te
index ccd65e218..1092b90d5 100644
--- a/public/file.te
+++ b/public/file.te
@@ -109,6 +109,7 @@ type sysfs_wakeup, fs_type, sysfs_type;
 type sysfs_wakeup_reasons, fs_type, sysfs_type;
 type sysfs_fs_ext4_features, sysfs_type, fs_type;
 type sysfs_fs_f2fs, sysfs_type, fs_type;
+type sysfs_fs_incfs_features, sysfs_type, fs_type;
 type fs_bpf, fs_type;
 type configfs, fs_type;
 # /sys/devices/cs_etm
diff --git a/public/ioctl_defines b/public/ioctl_defines
index a2e2c4ea9..62c4e6619 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -1066,6 +1066,10 @@ define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f')
 define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720')
 define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721')
 define(`INCFS_IOCTL_GET_FILLED_BLOCKS', `0x00006722')
+define(`INCFS_IOCTL_CREATE_MAPPED_FILE', `0x00006723')
+define(`INCFS_IOCTL_GET_BLOCK_COUNT', `0x00006724')
+define(`INCFS_IOCTL_GET_READ_TIMEOUTS', `0x00006725')
+define(`INCFS_IOCTL_SET_READ_TIMEOUTS', `0x00006726')
 define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
 define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
 define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')
diff --git a/public/vold.te b/public/vold.te
index 9ec6bd166..8897fbf29 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -126,6 +126,8 @@ allow vold mnt_expand_file:dir { create_dir_perms mounton };
 allow vold apk_data_file:dir { create getattr setattr };
 allow vold shell_data_file:dir { create getattr setattr };
 
+# Access the IncFS list of features
+r_dir_file(vold, sysfs_fs_incfs_features);
 # Allow to mount incremental file system on /data/incremental and create files
 allow vold apk_data_file:dir { mounton rw_dir_perms };
 # Allow to create and write files in /data/incremental