diff --git a/sepolicy/ohos_policy/security/security_guard/system/security_collector.te b/sepolicy/ohos_policy/security/security_guard/system/security_collector.te
index d7330b11d185179fa8a2577d5a66835165f0938e..e7749597280510e8b834377b58286bacfb48b2fe 100644
--- a/sepolicy/ohos_policy/security/security_guard/system/security_collector.te
+++ b/sepolicy/ohos_policy/security/security_guard/system/security_collector.te
@@ -103,3 +103,4 @@ allow security_collector sa_storage_manager_service:samgr_class { get };
 binder_call(security_collector, security_guard);
 # avc: denied { search } for pid=2912 comm="security_collec" name="socket" dev="tmpfs" ino=43 scontext=u:r:security_collector:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
 allow security_collector dev_unix_socket:dir { search };
+allow security_collector hdf_devhost_exec:dir { search };
diff --git a/sepolicy/ohos_policy/security/security_guard/system/security_guard.te b/sepolicy/ohos_policy/security/security_guard/system/security_guard.te
index e43ef097d7563b165705b1c085190b3327ec319c..3acaf2227da5826f0e6de5fb3c839275869bff37 100644
--- a/sepolicy/ohos_policy/security/security_guard/system/security_guard.te
+++ b/sepolicy/ohos_policy/security/security_guard/system/security_guard.te
@@ -84,5 +84,7 @@ allow security_guard normal_hap_attr:fd { use };
 # avc: denied { read } for pid=2037 comm="OS_FFRT_2_1" path="/data/storage/el2/base/files/text.json" dev="mmcblk0p15" ino=2627 scontext=u:r:security_guard:s0 tcontext=u:object_r:normal_hap_data_file:s0 tclass=file permissive=1
 allow security_guard normal_hap_data_file:file { read };
+allow security_guard hdf_devhost_exec:dir { search };
+
 # avc: denied { call } for pid=1516, comm="/system/bin/sa_main" scontext=u:r:security_guard:s0 tcontext=u:r:wifi_manager_service:s0 tclass=binder permissive=0
 binder_call(security_guard, wifi_manager_service);
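Review bot: The added `allow security_collector hdf_devhost_exec:dir { search };` has no `# avc: denied` line above it, unlike the rules around it, so nothing records which directory lookup needs it; the same applies to `allow security_guard hdf_devhost_exec:dir { search };` in security_guard.te, which sits directly under the avc comment for the `normal_hap_data_file` read and reads as if that denial justified it. Judging by its name, `hdf_devhost_exec` labels an executable, so a `dir` search on it suggests either a directory carrying an exec label or a rule generated from a permissive-mode log (the neighbouring denials show `permissive=1`); the type's declaration and its file_contexts entry are outside this diff, so that should be confirmed before widening two security-service domains. I would put the captured denial above each rule, in the form `# avc: denied { search } for pid=<PID> comm="<COMM>" name="<DIR>" scontext=u:r:security_collector:s0 tcontext=u:object_r:hdf_devhost_exec:s0 tclass=dir permissive=<0|1>` (placeholders to be filled from the real log), and separate the security_guard rule from the preceding block with a blank line.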