diff --git a/tests/apex_sepolicy_tests.py b/tests/apex_sepolicy_tests.py
index 2cdde3c72..0bcc99867 100644
--- a/tests/apex_sepolicy_tests.py
+++ b/tests/apex_sepolicy_tests.py
@@ -105,6 +105,8 @@ rules = [
     # ./ and apex_manifest.pb
     (Is('./apex_manifest.pb'), AllowRead('file', {'linkerconfig', 'apexd'})),
     (Is('./'), AllowRead('dir', {'linkerconfig', 'apexd'})),
+    # linker.config.pb
+    (Is('./etc/linker.config.pb'), AllowRead('file', {'linkerconfig'})),
 ]
 
 
diff --git a/tests/apex_sepolicy_tests_test.py b/tests/apex_sepolicy_tests_test.py
index 125290c2d..9b427a0ee 100644
--- a/tests/apex_sepolicy_tests_test.py
+++ b/tests/apex_sepolicy_tests_test.py
@@ -88,6 +88,11 @@ class ApexSepolicyTests(unittest.TestCase):
         self.assert_ok('./etc/init.x32rc u:object_r:vendor_file:s0')
         self.assert_ok('./etc/init.x32rc u:object_r:unknown:s0')
 
+    def test_linkerconfig(self):
+        self.assert_ok('./etc/linker.config.pb u:object_r:system_file:s0')
+        self.assert_ok('./etc/linker.config.pb u:object_r:linkerconfig_file:s0')
+        self.assert_error('./etc/linker.config.pb u:object_r:vendor_file:s0',
+                        r'Error: .*linkerconfig.* can\'t read')
 
 if __name__ == '__main__':
     unittest.main(verbosity=2)