diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 0bef9f3..4a07dd7 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -38,6 +38,8 @@
 /dev/socket/thermal-recv-passive-client         u:object_r:thermal_socket:s0
 
 # files in sysfs
+/sys/devices/virtual/thermal(/.*)?                                  u:object_r:sysfs_thermal:s0
+/sys/module/msm_thermal(/.*)?                                       u:object_r:sysfs_thermal:s0
 /sys/devices/virtual/graphics/fb([0-2])+/idle_time                  u:object_r:sysfs_graphics:s0
 
 # files in /system
diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te
index 4a2e138..132abda 100644
--- a/sepolicy/thermal-engine.te
+++ b/sepolicy/thermal-engine.te
@@ -3,6 +3,12 @@ type thermal-engine_exec, exec_type, file_type;
 
 init_daemon_domain(thermal-engine)
 
+allow thermal-engine sysfs_thermal:dir r_dir_perms;
+allow thermal-engine sysfs_thermal:file rw_file_perms;
+
+allow thermal-engine self:socket create_socket_perms;
+allowxperm thermal-engine self:socket ioctl msm_sock_ipc_ioctls;
+
 userdebug_or_eng(`
 permissive thermal-engine;
 ')