diff --git a/private/file_contexts b/private/file_contexts
index a2e5a9d67..d616285e6 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -326,6 +326,7 @@
 /system/bin/apexd                u:object_r:apexd_exec:s0
 /system/bin/gsid                 u:object_r:gsid_exec:s0
 /system/bin/simpleperf_app_runner    u:object_r:simpleperf_app_runner_exec:s0
+/system/bin/notify_traceur\.sh       u:object_r:notify_traceur_exec:s0
 
 #############################
 # Vendor files
diff --git a/private/notify_traceur.te b/private/notify_traceur.te
new file mode 100644
index 000000000..ef1fd4f38
--- /dev/null
+++ b/private/notify_traceur.te
@@ -0,0 +1,12 @@
+type notify_traceur, domain, coredomain;
+type notify_traceur_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(notify_traceur);
+binder_use(notify_traceur);
+
+# This is to execute am
+allow notify_traceur activity_service:service_manager find;
+allow notify_traceur shell_exec:file rx_file_perms;
+allow notify_traceur system_file:file rx_file_perms;
+
+binder_call(notify_traceur, system_server);
diff --git a/private/system_server.te b/private/system_server.te
index 27407f07d..4a4898314 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -195,6 +195,7 @@ binder_call(system_server, installd)
 binder_call(system_server, incidentd)
 binder_call(system_server, iorapd)
 binder_call(system_server, netd)
+binder_call(system_server, notify_traceur)
 binder_call(system_server, statsd)
 binder_call(system_server, storaged)
 binder_call(system_server, update_engine)