diff --git a/policy/global_tunables b/policy/global_tunables
index dde7c46759..8bb5e48900 100644
--- a/policy/global_tunables
+++ b/policy/global_tunables
@@ -153,3 +153,17 @@ gen_tunable(use_virtualbox, false)
 ## </p>
 ## </desc>
 gen_tunable(deny_bluetooth,false)
+
+## <desc>
+## <p>
+## A flag to identify machine's cpu arch is mips, mips require more allow policy
+## </p>
+## </desc>
+gen_tunable(arch_is_mips, true)
+
+## <desc>
+## <p>
+## A flag to identify machine's cpu arch is loongson, loongson require more allow policy
+## </p>
+## </desc>
+gen_tunable(arch_is_loongson, true)
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index 615dcbad2d..b4ce2a0457 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -713,3 +713,8 @@ optional_policy(`
 optional_policy(`
     container_spc_stream_connect(domain)
 ')
+
+tunable_policy(`arch_is_mips || arch_is_loongson',`
+    allow domain self:process { execmem execstack };
+    files_execmod_all_files(domain)
+')