diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index f9a41e1bb..7063152ef 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -93,6 +93,7 @@
     system_unsolzygote_socket
     tethering_service
     traced_perf
+    traced_perf_enabled_prop
     traced_perf_socket
     timezonedetector_service
     untrusted_app_29
diff --git a/private/domain.te b/private/domain.te
index f54f2c965..32b40c179 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -29,7 +29,8 @@ userdebug_or_eng(`can_profile_heap_userdebug_or_eng({
 })')
 
 # As above, allow perf profiling most processes on debug builds.
-# Do not diverge the two lists without a really good reason.
+# zygote is excluded as system-wide profiling could end up with it
+# (unexpectedly) holding an open fd across a fork.
 userdebug_or_eng(`can_profile_perf({
   domain
   -bpfloader
@@ -45,6 +46,7 @@ userdebug_or_eng(`can_profile_perf({
   -ueventd
   -vendor_init
   -vold
+  -zygote
 })')
 
 # Path resolution access in cgroups.
diff --git a/private/property_contexts b/private/property_contexts
index 6315c888f..cba09a536 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -77,6 +77,7 @@ persist.security.       u:object_r:system_prop:s0
 persist.traced.enable   u:object_r:traced_enabled_prop:s0
 traced.lazy.            u:object_r:traced_lazy_prop:s0
 persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
+persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
 persist.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boot.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boottime.             u:object_r:boottime_prop:s0
diff --git a/private/traced_perf.te b/private/traced_perf.te
index 7a78d7904..9483e6cb4 100644
--- a/private/traced_perf.te
+++ b/private/traced_perf.te
@@ -36,6 +36,11 @@ r_dir_file(traced_perf, vendor_file_type)
 # domains that it cannot read.
 dontaudit traced_perf domain:dir { search getattr open };
 
+# Do not audit failures to signal a process, as there are cases when this is
+# expected (native processes on debug builds use the policy for enforcing which
+# processes are profileable).
+dontaudit traced_perf domain:process signal;
+
 # Never allow access to app data files
 neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
 
diff --git a/public/property.te b/public/property.te
index 469666881..21e220d6c 100644
--- a/public/property.te
+++ b/public/property.te
@@ -22,6 +22,7 @@ system_internal_prop(pm_prop)
 system_internal_prop(userspace_reboot_log_prop)
 system_internal_prop(system_adbd_prop)
 system_internal_prop(adbd_prop)
+system_internal_prop(traced_perf_enabled_prop)
 
 compatible_property_only(`
     # DO NOT ADD ANY PROPERTIES HERE
diff --git a/public/shell.te b/public/shell.te
index 0a9746599..79d5c89b3 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -78,6 +78,9 @@ userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
 # Allow shell to start/stop heapprofd via the persist.heapprofd.enable
 # property.
 set_prop(shell, heapprofd_enabled_prop)
+# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
+# property.
+set_prop(shell, traced_perf_enabled_prop)
 # Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
 set_prop(shell, ctl_gsid_prop)
 # Allow shell to enable Dynamic System Update