diff --git a/app/src/main/java/com/itsaky/androidide/app/strictmode/WhitelistEngine.kt b/app/src/main/java/com/itsaky/androidide/app/strictmode/WhitelistEngine.kt
index 1c0b755482..02a30e6e66 100644
--- a/app/src/main/java/com/itsaky/androidide/app/strictmode/WhitelistEngine.kt
+++ b/app/src/main/java/com/itsaky/androidide/app/strictmode/WhitelistEngine.kt
@@ -134,6 +134,24 @@ object WhitelistEngine {
 				)
 			}
 
+			rule {
+				ofType<DiskReadViolation>()
+				allow(
+					"""
+					MIUI's AccessController checks whether an access-control password file exists
+					during activity transitions (startActivity). This happens in the system server
+					and is reported back via Binder. Since we can't control when AccessController
+					is called, we allow this violation.
+					""".trimIndent(),
+				)
+
+				matchAdjacentFrames(
+					classAndMethod("java.io.File", "exists"),
+					classAndMethod("com.miui.server.AccessController", "haveAccessControlPassword"),
+					classAndMethod("com.miui.server.SecurityManagerService", "haveAccessControlPassword"),
+				)
+			}
+
 			rule {
 				ofType<DiskReadViolation>()
 				allow(