diff --git a/private/zygote.te b/private/zygote.te
index 0466372c0..cf5a7a30c 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -3,6 +3,7 @@ typeattribute zygote coredomain;
 typeattribute zygote mlstrustedsubject;
 
 init_daemon_domain(zygote)
+tmpfs_domain(zygote)
 
 read_runtime_log_tags(zygote)
 
@@ -51,6 +52,8 @@ allow zygote dalvikcache_data_file:file execute;
 
 # Allow zygote to create JIT memory.
 allow zygote self:process execmem;
+allow zygote zygote_tmpfs:file execute;
+allow zygote ashmem_device:chr_file execute;
 
 # Execute idmap and dex2oat within zygote's own domain.
 # TODO:  Should either of these be transitioned to the same domain