diff --git a/sepolicy/ohos_policy/print/print_service/public/scan_driver_file.te b/sepolicy/ohos_policy/print/print_service/public/scan_driver_file.te
index 9831219a12b3ee407ba22ec17a1c283ddda24f18..2b998f1d08ac6869d30ccf9a05bfc3270ba41b50 100644
--- a/sepolicy/ohos_policy/print/print_service/public/scan_driver_file.te
+++ b/sepolicy/ohos_policy/print/print_service/public/scan_driver_file.te
@@ -13,4 +13,4 @@
 neverallow sane_service { data_file_attr -data_service_scan_service_driver_file }:file { execute };
 neverallow { domain -installs } data_service_scan_service_driver_file:file { write };
-neverallow { domain -installs updater_only(`-updater') } data_service_scan_service_driver_file:dir { write };
+neverallow { domain -installs updater_only(`-updater') -init } data_service_scan_service_driver_file:dir { write };
diff --git a/sepolicy/ohos_policy/print/print_service/system/init.te b/sepolicy/ohos_policy/print/print_service/system/init.te
index 5b15777b82da1f6bac8b55ca6e6193d6d0272835..5881a61e7eda67bc3eac1889dc6458af47f063d3 100644
--- a/sepolicy/ohos_policy/print/print_service/system/init.te
+++ b/sepolicy/ohos_policy/print/print_service/system/init.te
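Review bot: The `-init` exception added to the last `neverallow` in scan_driver_file.te carries no comment, and it is unconditional where the neighbouring updater exception is wrapped in `updater_only(...)`. The guards in this file cover the `file` and `dir` classes only, while the same commit starts creating and reading `lnk_file` objects of this type, so nothing at compile time stops a later rule from letting another domain create or replace a link in the driver directory. Consider a comment such as `# init needs dir write to create a symlink in the driver directory (see system/init.te)` above the changed line and, if no other domain needs the access, a companion guard `neverallow { domain -init } data_service_scan_service_driver_file:lnk_file { create write setattr rename unlink };`. Whether `installs` would also have to be exempted there cannot be told from this hunk.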
@@ -21,11 +21,12 @@ allow init print_driver_exec:dir { add_name create write getattr open read relab
 allow init print_driver_exec:file { relabelto };
 allow init print_driver_read:dir { add_name create write getattr open read relabelto relabelfrom search setattr };
 allow init print_driver_tmp:dir { add_name create write getattr open read relabelto search setattr };
-allow init data_service_sane_service_config_file:dir { getattr setattr open read relabelto };
+allow init data_service_sane_service_config_file:dir { getattr setattr open read relabelto search write add_name };
+allow init data_service_sane_service_config_file:file { create open write };
 allow init data_service_sane_service_tmp_file:dir { search setattr };
-allow init data_service_scan_service_driver_file:dir { getattr setattr open read };
+allow init data_service_scan_service_driver_file:dir { getattr setattr open read write add_name search };
+allow init data_service_scan_service_driver_file:lnk_file { create };
 allow init sane_service:dir { getattr };
 allow init scan_service:dir { getattr };
 allow init sane_service:process { rlimitinh siginh transition };
-allow init data_service_sane_service_config_file:dir { open read relabelto };
 allow init data_service_sane_service_tmp_file:dir { create getattr open read relabelto write add_name };
diff --git a/sepolicy/ohos_policy/print/print_service/system/sane_service.te b/sepolicy/ohos_policy/print/print_service/system/sane_service.te
index 212c4125488b51883942d5364c046ddb4da2622a..cf838ea1555d90ee9cf6af87f4b59d707ab7e998 100644
--- a/sepolicy/ohos_policy/print/print_service/system/sane_service.te
+++ b/sepolicy/ohos_policy/print/print_service/system/sane_service.te
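Review bot: The two new rules in init.te, `allow init data_service_sane_service_config_file:file { create open write };` and `allow init data_service_scan_service_driver_file:lnk_file { create };`, have no comment naming the init job that needs them. The `file` rule lets init open and write any existing file of the config type, not only create a missing one, and the scan services presumably consume both types, so the intended scope should be stated next to the grant. A line such as `# init job <job name>: creates the default sane config file and the driver symlink on first boot` (placeholder, to be filled in by the author) would let a reviewer check the rules against the init configuration. The widened `dir` rules add `add_name` but not `remove_name`, which keeps init from deleting entries; that limit is worth keeping if these lines are touched again.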
@@ -40,3 +40,4 @@ allowxperm sane_service sane_service:udp_socket ioctl { 0x8912 0x8915 0x891b };
 allow sane_service sys_file:dir { open read };
 allow sane_service sys_file:file { open read };
 allow sane_service data_service_scan_service_driver_file:xpm { exec_allow_release_ownerid exec_allow_debug_ownerid };
+allow sane_service data_service_scan_service_driver_file:lnk_file { read };
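Review bot: The added `lnk_file { read }` rule in sane_service.te lets sane_service resolve links stored in the driver directory, but nothing records where such a link is expected to point. Access to the target is still decided by the target's own label, and the `xpm` rule on the line above applies only to objects labelled `data_service_scan_service_driver_file`. A link leading to a differently labelled path would therefore presumably be denied rather than widen access, but that depends on rules outside this hunk. A comment such as `# resolve the driver symlink created by init; the target must carry a type sane_service is already allowed to load` would make the intent reviewable.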