diff --git a/policy/modules/contrib/sandboxX.te b/policy/modules/contrib/sandboxX.te
index a9b560db05..dae6fa9b1c 100644
--- a/policy/modules/contrib/sandboxX.te
+++ b/policy/modules/contrib/sandboxX.te
@@ -65,7 +65,10 @@ manage_fifo_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xs
 manage_sock_files_pattern(sandbox_xserver_t, sandbox_xserver_tmpfs_t, sandbox_xserver_tmpfs_t)
 fs_tmpfs_filetrans(sandbox_xserver_t, sandbox_xserver_tmpfs_t, { dir file lnk_file sock_file fifo_file })
 
+allow sandbox_xserver_t sandbox_xserver_tmpfs_t:file map;
+
 kernel_dontaudit_request_load_module(sandbox_xserver_t)
+kernel_read_device_sysctls(sandbox_xserver_t)
 kernel_read_system_state(sandbox_xserver_t)
 
 corecmd_exec_bin(sandbox_xserver_t)
@@ -93,6 +96,7 @@ domain_use_interactive_fds(sandbox_xserver_t)
 files_read_config_files(sandbox_xserver_t)
 files_search_home(sandbox_xserver_t)
 fs_dontaudit_rw_tmpfs_files(sandbox_xserver_t)
+fs_getattr_xattr_fs(sandbox_xserver_t)
 fs_search_auto_mountpoints(sandbox_xserver_t)
 
 miscfiles_read_fonts(sandbox_xserver_t)